Blogging about Royal TS/X, Royal Server and Royal Passwords

Licensing and Software Maintenance of Royal TS/X

With our new major releases of Royal TS, Royal TSX and Royal Server around the corner we more and more get questions about licensing, software maintenance and pricing. In this blog post I want to explain in more detail how our licensing and software maintenance policy works.

License Model and Pricing

Many products and business models nowadays are based on subscription licensing. It is important to point out that our licensing is perpetual and an obtained license does not expire. There are no monthly or annual fees and no hidden costs. If you have purchased a license for Royal TS V2 more than 2 years ago, you can still use Royal TS V2 and all minor versions (V2.1 or V2.2, etc.). The same, of course, applies to Royal TS V3 or Royal TSX V2.

Royal TS V2 was released almost 3 years ago and with our single user license fee of EUR 25 we have an excellent and unmatched cost-performance ratio. I also want to point out that our pricing didn’t change in all those years! With several years of development of Royal TS V3 and Royal TSX V2, hiring additional people and economic changes, we are going to slightly increase our license fees. We think that we still have the best cost-performance ratio in the industry and we are committed to work on Royal TS/X, as well as our newest product “Royal Server”, and continue to provide regular updates.

Software Maintenance

Let me quickly sum up what software maintenance is and what benefits you have with an active software maintenance:

  • 12 months included
    Each license automatically includes at least 12 months of software maintenance (36 months for extended global licenses).
  • Access to the latest versions of Royal TS/X
    With active software maintenance you have access to the latest versions of Royal TS/X, including major version releases.
  • Priority email support
    Get help and answers to your questions faster. While we try to answer all our support requests as fast as possible, customers with active software maintenance are processed with higher priority.

Extending Software Maintenance

Before your software maintenance of your Royal TS V3 and Royal TSX V2 license expires, you will automatically receive an email with a 50% discount coupon code which is valid for one order and associated with your prior license key. The coupon code allows you to extend your Royal TS software maintenance of your licenses. Let me remind you that our licenses are perpetual and extending maintenance is optional! Extending your software maintenance is basically a re-purchase at a reduced price (through the coupon code). This may seem “unusual” at first and you may wonder why we chose this approach but we have some really good reasons for that and customers like you benefit the most!

Coupon Code Benefits:

  • Save money
    The coupon code we provide to extend software maintenance applies a 50% discount to your order. In case you do not extend your maintenance and wish to upgrade to the latest version after your maintenance expired, you will need to purchase full price licenses again.
  • Obtain additional licenses at the same reduced price
    Imagine you have 8 individual licenses and want to extend software maintenance for Royal TS but your team got bigger and you have now the need for 12 individual licenses. Using the coupon code, you can order 12 licenses and get 50% off on all 12 licenses. So you didn’t only extend maintenance for your existing 8 licenses, you also got 4 additional licenses at half the price. Of course, all 12 licenses will have another 12 month of software maintenance.
  • Switch license type
    The 50% discount can also be used to switch from one license type to another. Let’s say you have 8 individual licenses but your team got much bigger and a site license would make more sense now. No problem: use the discount coupon code to order a site license at half the price.
  • Upgrade to a bundle license
    Let’s say you purchased an individual license for Royal TS for Windows but now you also want to use Royal TSX for OS X. Use the discount coupon code to get 50% off on your bundle license order.

We also have an excellent licensing FAQ article for Royal TS for Windows and Royal TSX for OS X.

If you have any further questions, do not hesitate to contact us.



Document Lockdown

Back in the days, using Royal TS 1.7.x, it was possible to add an additional password to your document. With this second password admins could protect documents from modifications and also prevent users from reading passwords. This additional protection was missing in Royal TS V2 and lots of users asked us to bring back the feature. Well, in Royal TS (for Windows) V3 and Royal TSX (for OS X) V2 we will have it on board again and even put some extra sugar on top of it.

Disclaimer: while we understand the case to create documents which allows users to log on to production servers without knowing the actual password, we still think that many problems and security related issues can come up with this approach. The features we discuss in this blog post are intended to help you to better manage your documents and prevent users from easily and accidentally obtaining a confidential password. However, depending on your scenario, this approach may not be “bullet proof” or give you the desired results. There are also many “restrictions” which are applied to the workflow when you lock down a document. So make sure you fully test the workflow before you release any documents to your users!

 

Recommendation: We strongly recommend to provide personalized user accounts instead. This way all actions can be audited and fully tracked individually. Shared user accounts to manage systems is in general a very bad idea!

Now, let’s dive into Lockdown…

What exactly is meant by Lockdown?

A document with an Encryption password and a Lockdown password behaves like this:

  • A user opens the locked down document and is asked for the Encryption password.
  • The user enters the Encryption password and can browse and “use” the document with some restrictions (depending on the Lockdown Configuration). The document is in Locked mode.
  • The user can work with all the objects of that document (connect, execute tasks, etc.) but with some restrictions – more about that later.
  • Depending on the configured restrictions, the user may not be able to edit the document or view passwords.
  • To (temporary) remove those restrictions, the user needs to Unlock the document and is asked to enter the Lockdown password.
  • As long as the document is Unlocked, no restrictions apply.

Document Formats

Before we go into the specifics of Lockdown, let me briefly talk about our file formats and let me introduce our new document file format.

Extension .rtsx: Legacy file format used in Royal TS V2 and Royal TSX V1 (Royal TS V3 and Royal TSX V2 can still open and save .rtsx files).

Extension: .rtsz: New file format for Royal TS V3 and Royal TSX V2

  • Smaller file size
  • Faster file access
  • Better PowerShell scripting support
  • Supports 2 Encryption Modes:
    • Passwords-Only: File is still written as structured XML file but protected properties (such as passwords or protected custom fields) are encrypted.
    • Complete-File-Encryption: The complete file is encrypted. Support for lock down scenarios (read-only, password visibility).

Lockdown Configuration

To configure Lockdown, open the Document properties and switch to the Security page (in V2 this page was called Encryption but we renamed it):

2014-10-03_17-17-40 Lockdown1

This page allows you to configure a custom encryption password for your sensitive data (such as passwords). There’s a new tab called Lockdown which provides the following features:

  • Encrypt complete file:
    You can only check this option when you specified an encryption password in the Encryption tab. With this option checked, Royal TS will encrypt all file content of your document.
  • Set Lockdown Password:
    You can only set a lockdown password when the option Encrypt complete file is checked. Click Set Lockdown Password and provide a password. To remove the Lockdown Password, leave both password fields empty.
  • Do not allow to reveal passwords in this document
    If checked, password fields from all the objects in the locked down document do not provide the reveal password and copy to clipboard button.
  • Do not allow to edit or modify this document
    If checked, the document cannot be modified. You can still open the object properties but you cannot apply the settings and you also cannot save the document.

Working with Lockdown Documents

Lockdown documents will show a padlock icon in the Navigation panel next to the document name:

2014-10-03_17-16-20 Lockdown2

The padlock icon also shows the current state (Locked or Unlocked). To unlock a document, right-click the document and select Unlock Document:

2014-10-03_17-50-58 Lockdown3

You are then prompted to enter the Lockdown password. Once the document is Unlocked, all the configured restrictions are removed until you Lock the document again – using right-click on the document.

Restrictions

To ensure that passwords cannot be easily obtained, some restrictions apply to Locked documents:

  • Replacement Tokens: Secure properties (such as $EffectivePassword$ or $CredentialPassword$) are not resolved in command tasks, key sequence tasks, connections or templates.
  • Ad Hoc Connections: Ad hoc connections are basically duplicates of the original connection which are placed in the Application document’s Ad Hoc folder. During this process, none of the secure properties are copied over to the ad hoc connection. Connections configured to use username and password will fail to logon. Connections using assigned credentials will logon successfully because there is no secure property transferred to the ad hoc connection, only the reference to an existing credential.
  • Copy/Move of Connections to other Documents: all copy or move operations from a Locked document to another document are prohibited.
  • Terminal Connection based on the PuTTY plugin: since PuTTY needs the password passed on through the command-line, we will only support auto logon for Terminal connections using the Rebex plugin.
  • VNC based on UltraVNC and TightVNC: like the PuTTY based plugin, the UltraVNC and TightVNC connections are established by passing on the password through the command-line. Auto logon for VNC connection is therefore not supported for locked down documents which do not allow to reveal passwords.
  • Web Page Connections with Auto Fill: Using secure properties (such as $EffectivePassword$ or $CredentialPassword$ in web page auto fill will not be supported when a document is locked down.
  • Scripting: Access to secure properties of locked down documents using script is also not supported.

 



Royal TS for Windows V3 – UI Changes Part 2

Royal TS V3 beta is almost feature complete and the feedback in our forums is overwhelming! There are many great discussions and a lot of constructive feedback coming in.

After some more weeks of hard work, I decided to give you an update on what we’ve been working on and what’s in it for you. Don’t forget to check out Part 1 and all the other great blog posts about our brand new product Royal Server!

The many little things

In each beta release we do some more fine tuning and improve some little things here and there. Here’s a short list of notable improvements and settings:

  • View -> Options -> User Interface -> General: Allow Animations
    In V3 we “modernized” the UI and provided also “Office-style” animations and transitions in some places. In case those animations are annoying you, you can un-check Allow Animations to disable them.
  • View -> Options -> User Interface -> Tabs: Enable Taskbar Thumbnails
    Also new, and enabled by default, tab thumbnails for each opened tab or window in the Taskbar – similar to Internet Explorer or many other tab based applications. This option allows you to revert back to the same behavior as in V2.
  • View -> Options -> User Interface -> Navigation | Lists: Enable Pixel-Scrolling
    The tree and the lists (used in the dashboards and management connection types) support smooth pixel scrolling. You disable this behavior for the navigation tree and for all lists.
  • View -> Options -> (Mouse) Events -> Tracking: Keep remotely disconnected tabs open
    This setting was recently moved to this page as it makes more sense here. In addition we improved this particular feature when used with Ad Hoc connections. If enabled, Ad Hoc connections will not be removed and can be reconnected if it was disconnected remotely. We will probably rename this page to just “Events“.
  • Smart and visual password strength indicator and password generator
    We have a dedicated blog post about that here but I thought I should mention it here as well.
  • Improved update notification and automatic installation of updates
    A very popular improvement for many users. We blogged about that a while back here.
  • Expanding and collapsing all contained folders in the Navigation tree
    Some users already noticed that one icon is missing to quickly expand and collapse all the folders in the Navigation tree. The toolbar icon wasn’t really elegant but inspired from the OS X default behavior we found a nice solution. Hold down the Shift-key while you expand a folder to also expand all the subfolders. Holding down the Shift-key while collapsing a folder, all the folders on the same level are collapsed as well. If you do this on one of the document nodes, all documents are collapsed.
  • Change the order of the documents (even in the Autostart document list)
    You can now change the order of the document by clicking the Move Up or Move Down command on the Edit ribbon tab. The Application document will still be the very last document but all the other documents can be re-arranged. The Autostart document list editor now also features a Move Up and Move Down command to control in which order those documents are opened.

Enough of boring lists now. It’s screenshot time!

External Tab Group and Context Menu

As mentioned at the end of Part 1, you can now arrange multiple tabs in an external window – and even split the group into multiple views. Since the external window (which is hosting the tab) does not have a ribbon or toolbar, we extended the context menu for tabs to provide quick and easy access to your favorite command and key sequence tasks:

TabContextMenu

Also note the last menu item “Navigate to”. Users who configured Royal TS to not track tab selection changes in the Navigation tree will love this one. It will select and scroll to the corresponding entry in the Navigation tree.

List based Dashboards and Connections

We worked hard to streamline and align the look and feel as well as the user experience in many places. Here’s an example of the dashboard showing the content of a selected folder/document with a filter:

DashboardsAndLists

Here’s an example of a Windows Services management connection with grouping:

WindowsServices

On the very left, Dashboards will show the name of the currently selected item.  Whenever it makes sense, we show some information about the list content and the current selection. Going right, you will see buttons for commands (if available) and a search box (which can be focused using CTRL + F). Further, you will see a Refresh button and a drop down menu for Options like grouping, filtering, etc.

Improved Terminal Dashboard

Another example where you will find the very same concept is the new and improved Terminal dashboard:

TerminalDashboard

The first thing to mention here is that the dashboard will initially always show the text representation of the ANSI recording or log file as soon as it is selected. You can still play back the recording using the Play button on the content toolbar. As before you can also export the selection to various formats.

Also new is the ability to search the list of files and also search the content of the log file.

Ad Hoc Protocol Identifier Support

Last but not least, we also improved a lot around Ad Hoc connections. You can now use protocol identifiers to quickly connect to the correct connection type:

AdHoc

A detailed list of supported identifiers can be found here. You can still use and combine this with the credential picker as before. Another thing to mention is that when you do not specify a protocol identifier, the drop-down menu with the connection types and templates is shown as soon as you hit the Enter key.

As you can see, a lot is going on and we still have some “bigger” features ahead. Stay tuned…



Hyper-V management with Royal TS/X and Royal Server

Remark: This blogpost belongs to a series of posts explaining Royal Server and the new connection types we have introduced with Royal TS V3 beta (for Windows) and Royal TSX V2 beta (for OS X).

Here is a complete list of our blogpost series:

 

Hyper-V management using Royal TSX and Royal Server

Royal TSX V2 beta (for OS X) is introducing basic Hyper-V management! You can list the Hyper-V instances and act on them:

  • Start/Shut down an instance
  • Save the state of an instance
  • Pause an instance
  • Connect ad hoc to an instance or the Hyper-V console
  • Create a Remote Desktop connection based on the selected instance

 

Additionally, this connection type is also used in the RDP dashboards for Royal TS/X (together with the Terminal Services management).

 

Create a Hyper-V connection in Royal TSX and Royal Server

Simply add a new Hyper-V connection to your document using the “Add” -> “Hyper-V” menu entry:

hyperv-blogpost1

Configure the name, IP, etc.:

hyperv-blogpost2

Since this Connection Type in Royal TSX is based on Royal Server you need to specify the Management Endpoint:

hyperv-blogpost3

Make sure you have the correct credentials to access the remote system configured:

hyperv-blogpost4

And you are ready to go:

 

hyperv-blogpost7

Multiple Hyper-V hosts

As with other connection types as well, you can specify more than one Computer Name (separated with semicolon) to get an aggregated view of all your Hyper-V machines. The column “Computer Name” helps you distinguish the Hyper-V hosts.

hyperv-blogpost6

Based on the result and the state of the Hyper-V instance, you can also act on the instances directly from within Royal TSX:

hyperv-blogpost8

 

Of course, the same functionality is included in Royal TS (for Windows) V3 beta:

 

2014-09-24 09_30_23-

Working with the same document in Royal TS (for Windows) V3 beta and Royal TSX (for OS X) V2 beta

We made sure, that you can use the exact same document in clients running on both platforms. They can use the same file even at the same time! Just make sure, you have configured “Merge file on save” in the document settings:

2014-09-24 09_39_59-Edit Properties_ Dev Environment

 

“Local Execution is not supported for this connection. Please assign a Management Endpoint to the connection”

You get this error in Royal TSX (for OS X) when you try to use a connection that has “No Management Endpoint selected”. In this case choose a correctly configured Management Endpoint that points to a Royal Server installation. This connection was probably created by Royal TS (for Windows) using “Local Execution (No Management Endpoint)” which works under Windows but does not under OS X (find a detailed explanation here). So if you want to fully share a document between platforms, please make sure you have a working Royal Server installation configured that is accessible from both platforms.



Royal Server support scripts

 

cleanup_installation.ps1

Two hidden gems of Royal Server can be found in the <Royal-Server-Installation-Directory>/scripts/ folder:

 

Prepare a server for accepting Management Endpoint based connections (prepare_server.ps1)

In order to manage a Windows server from Royal Server, you need to do two steps:

  1. PS-Remoting needs to be enabled
  2. If the Windows Firewall is enabled it needs to be configured correctly to allow DCOM and WMI traffic

 

Now, this is not rocket science to do and can easily be done manually. But if you have to manage a lot of servers, you will like the possibility to script this.

Check out the prepare_server.ps1 script – its doing the tasks for you. Of course it first checks, if there is something to do and asks upfront, if it should execute the config-change. The script needs to be run in an elevated PowerShell.

 

Right now, there is no version that is doing the changes without asking – in an unattended environment. If you are interested in such a script, vote for it on our support portal!

 

Uninstall Royal Server (cleanup_installation.ps1)

Royal Server is distributed via an msi package. Uninstalling should be simple, right?

Well, besides copying the files, the msi package is only installing the “Royal Server” Windows service. But there are several side effects that Royal Server has when it runs/starts up:

  1. It saves its settings in the Registry
  2. It creates a local user group “Royal Server Users” that is used for “Require Authentication”
  3. It creates a Windows event log “Royal Server Log” that is used for logging
  4. It creates a Windows Firewall rule that allows access to the configured port
  5. It creates a user settings file
  6. In the past we had issues with the msi package not fully removing Royal Server (leaving it with a generic icon in the “Installed Programs” list and unable to be uninstalled)

 

Again, the script is simple to read and you can do all these steps manually. Or, you just call cleanup_installation.ps1. For each steps, the script first checks if there is work to do and asks for permission before it changes any system state. The script needs to be run in an elevated PowerShell.

 

Since the script is part of the msi package, it will be removed, if you uninstall Royal Server. So, copy it away upfront ;)

Remark: If you have uninstalled Royal Server already, you can just extract the files from the msi without installing it with the following command:

msiexec /a <path-to-msi> /qb TARGETDIR=<target-dir>