Skip to content

Configuring the PCoIP Connection Manager and PCoIP Security Gateway

You can configure the PCoIP Connection Manager and/or the Security Gateway using the pcoip-cmsg-setup configure command.

The general syntax is:

sudo pcoip-cmsg-setup configure <flags>

For example, to specify a broker url, you would open a console window and enter the following:

sudo pcoip-cmsg-setup configure --broker-url https://<example>

Configuration Flags and Options

The following flags can be used to provide values at the command line.

Flag                                                        Type Description
--broker-url String The URL of the PCoIP Broker, specified either as a https://: or https://: or https://[]:.
Required.
--clear-host-address Boolean Clears the host address.
--ca-cert String The full path and filename of the custom Certificate Authority's public certificate to be used in the PCoIP Connection Manager and PCoIP Security Gateway.
Required if --self-signed is not used.
--clear-trusted-license Boolean Clears trusted license certificate and key.
--compose-file String Specify the full path to a local docker-compose file.
--docker-password String Password to login to private registry.
--docker-registry String Specifies the HP source for Anyware Connector images to be install from.
Debugging only: This is intended to be used for debugging purposes and should not be used without guidance from HP support. Using this flag incorrectly can result in failed installations.
--docker-username String Username to login to private registry.
--enable-collaboration Boolean Allow multiple PCoIP clients to collaborate on a PCoIP agent. (default true)
--external-pcoip-ip StringArray Sets the public IP addresses of VM which hosts Security Gateway. This option can be used twice, once for IPv4 and once for IPv6 (if using).
Required if PCoIP Security Gateway is enabled.
--help Display configuration help.
--host-address stringArray Sets the host FQDN/IP address. The option may be used twice (once for the IP address and once for the FQDN)
--license-server-url String The address of the locally installed PCoIP License Server.
Example: https://<license-server-address>:<port>
--ssl-cert String The full path and filename of the SSL certificate to be used in the PCoIP Connection Manager and PCoIP Security Gateway.
Required if --self-signed is not used.
--ssl-key String The full path and filename of the SSL key to be used in the PCoIP Connection Manager and PCoIP Security Gateway.
Required if --self-signed is not used.
--trusted-license-cert String Trusted Customer License certificate path. Defaults to /opt/teradici/pcoipcm_data/certs/tcl-cert.crt).
--trusted-license-cert-key String Trusted Customer License certificate key path. Defaults to /opt/teradici/pcoipcm_data/certs/tcl-cert.key.
--docker-network-cidr String Sets CIDR for Connection Manager's docker network for services.
--enable-horizon Boolean Enables/Disables HP Anyware to be brokered with VMware Horizon (Default=false).
--external-sg-ip StringArray Sets public IP addresses of external Security Gateways to enable gateway failover if a Security Gateway becomes unavailable. IP address should be provided in the format --external-sg-ip=ipAddr1 --external-sg-ip=ipAddr2...
--jwt-verifying-cert String The full path and filename of the certificate that the Security Gateway should use to validate the JWT token.
--jwt-signing-key String The full path and filename of the key to sign a JWT. It is used by the Connection Manager for signing the JWT token.

Federated Authentication Flags

Flag                                                        Type Description
--enable-oauth Boolean Enables Oauth authentication. (Default=False)
--id-provider-url String Sets the identity provider URL. Example: --id-provider-url https://provider-1234567890.id.provider.com.
This flag is required if --enable-oauth is true.
--oauth-client-id String Gets the Client ID from the Identity Provider.
This flag is also required if --enable-oauth is "true".

Federated Authentication Single Sign-On Flags

Flag                                                        Type Description
--fa-url String Override the fhe Federated Auth Broker URL provided to the PCoIP Agent. This flag can be used if auto-detection is not correcting determining the connector address. for example https://cac-vm-fqdn:port
--enable-sso Boolean Enables SSO. (Default=False)
--sso-signing-csr-ca String Path to copy intermediate CA Certificate.
--sso-signing-csr-key String Path to the intermediate key.
--sso-signing-crl String Path to a certificate revocation list.
--sso-enrollment-url String Gets the URL to the Active Directory Certification Authority Web Enrollment Service.
--sso-enrollment-domain String Domain of the user to access Active Directory Certification Authority Web Enrollment Service.
--sso-enrollment-username String Username for accessing Active Directory Certification Authority Web Enrollment Service.
--sso-enrollment-password String Password for the username to access Active Directory Certification Authority Web Enrollment Service.
--sso-enrollment-certificate-template-name String Name of the certificate template that Active Directory Certification Authority Web Enrollment Service uses to sign CSR.