The smart ThinClient solution

As the requirements of new software and operating system versions on hardware constantly increase, PCs often have to be replaced after three, at the latest five years. A judicious alternative is to switch to a terminal server or virtual desktop infrastructure (VDI). The ECOS SECURE BOOT OS allows repurposing existing PCs as performant thin clients, thus extending their lifecycle and easing IT budgets.

[Bitte in "Englisch" übersetzen:] Workflow ECOS Secure Boot OS

ECOS SECURE BOOT OS replaces the existing operating system with the lean, particularly secure and performant ECOS Secure Linux operating system. All applications that are required to access a terminal server or a virtual desktop infrastructure are already included.

The conversion of a workstation PC into a high-performance thin client is almost fully automated. The computer receives the required image via PXE boot from a central server.
After further confirmation, the hard disk is formatted and ECOS Secure Linux is installed with all applications needed. For the conversion into a thin client, the devices to be rolled out only need to be released based on the MAC address. This process can be performed through the central management, the affiliated Active Directory or another directory service.

The ECOS SECURE BOOT OS is based on the same technology as the ECOS SECURE BOOT STICK®, which has been tried and tested for over 12 years. It offers numerous security mechanisms to protect a PC against potential attacks and spying attempts. The specially hardened ECOS Secure Linux contains only those parts of the operating system that are strictly required to operate a PC as thin client. As protection against manipulation and malware, firmware and applications are stored on a write-protected and encrypted partition. Besides, all components are digitally signed and validate each other in a chain of trust. Any attempt to compromise the file system or foist an infected client will result in an immediate shutdown of the computer.
The ECOS SECURE BOOT OS additionally supports the authentication standard IEEE802.1x to ensure that only legitimized clients will be able to connect to the infrastructure. The required certificates can be issued by the CA, which is integrated in the ECOS System Management, or by coupling an already existing PKI. The cascading of numerous security measures makes ECOS SECURE BOOT OS a highly secure operating system and thus replaces local virus scanners and other measures.

The ECOS SYSTEM MANAGEMENT APPLIANCE allows to centrally administrate and update all end devices. It is thus possible to define very granularly on a user, group or role level who has access to which destination system and who may store data locally or print documents from a session if required. Upcoming updates of the operating system and applications are rolled out by the local update server of the System Management Appliance. Updates can be released by the administrator for particular users, groups or all users. The management appliance can be easily integrated into the existing infrastructure by coupling it to Active Directory or other directory services, thus allowing a synchronization of users and rights. Additionally, the system includes a smart report editor, which offers the possibility to create individual or predefined evaluations. The ECOS SYSTEM MANAGEMENT APPLIANCE is a virtual appliance and operable under VMware, Microsoft Hyper-V, Citrix XenServer, Oracle VM Virtualbox or Linux KVM.

The lean ECOS SECURE BOOT OS allows booting the computer particularly quickly and is immediately ready for use. The user can select the desired system or application in a user-friendly interface, which will then direct him to his familiar work environment. As the user interface is reduced to the essentials, the system proves to be easy to use and error-proof. Necessary updates are completely performed in the background and without disturbing users. The long wait for the PC to boot up or the sheer endless processing of pending patches finally belong to the past.

The ECOS SECURE BOOT OS allows companies to ease IT budgets significantly. Contributing factors are the up to 3-fold extension of the PC lifecycle, the savings on further endpoint security measures as well as the reduction of support efforts thanks to a lean operating system. From the user's perspective, the solution significantly increases productivity at work thanks to the fast booting and the background updates.

The installation of the ECOS SYSTEM MANAGEMENT APPLIANCE and ECOS SECURE BOOT OS can be enhanced by the ECOS SECURE BOOT STICK at any time. Private PCs can thus be used at home or on the move in potentially insecure environments while still meeting the highest security requirements.

  • Installation through automatized PXE boot process
  • Hardened ECOS Secure Linux Operating System
  • Drivers for PCs from Pentium III on or AMD Athlon
  • UEFI Secure Boot support
  • Multi-monitor support
  • Applications:
  • RDP Client, Citrix Receiver, VMware Horizon, VNC, TeamViewer, Firefox, with/without Java support
  • Supported Destination Systems:
  • Microsoft Terminal Server
  • Citrix (XenApp, XenDesktop)
  • VMware Horizon (RDP, PCoIP, Blast) or
  • Web server


  • Certificate-based IEEE802.1X authentication
  • User profiles for access to various applications/servers
  • Use of local resources after approval by admin
  • – ext. USB storage devices
  • – Local printers
  • Write-protected partition for firmware and applications
  • 256 BIT AES encryption of firmware, applications and user parameters
  • Digitally signed bootloader/s, firmware and applications
  • – Signature verification in chain-of-trust procedure
  • Remote firmware updating
  • Software in German and English (pre-configurable)
  • Central management (ECOS SYSTEM MANAGMENT APPLIANCE)
  • – Access rights at user group and role level
  • – Synchronization with AD or others directory services
  • – Own CA or coupling to existing PKI
  • – Smart Reports, Integrated DHCP and TFTP server for PXE installation

International

Tel: +49 (6133) 939-200