Configuring DHCP for Endpoints that use Auto Discovery¶
This section explains how to configure your DHCP server to provision endpoints with Endpoint Bootstrap Manager information.
DHCP Discovery Process
When DHCP vendor class option discovery is used, endpoints receive a DHCP option value that contains information about the PCoIP Management Console (that is, the Endpoint Bootstrap Manager/Endpoint Manager) to which they should connect. If an endpoint has already obtained a DHCP lease before the server is configured with PCoIP Management Console DHCP options, it will be updated with this information when it renews the lease or acquires a new one. An endpoint will renew its lease after a reboot or when it detects that the network has returned after going down (for example, if someone reconnects the endpoint’s network cable after unplugging one end of it).
Note: Endpoints also poll DHCP server for option values
Endpoints also poll the DHCP server for option values at an interval equal to half the DHCP lease time.
You can configure your DHCP server with vendor class options to provide the following information:
-
The PCoIP Management Console’s IP address or FQDN.
-
The PCoIP Management Console’s certificate fingerprint (digital signature). This fingerprint is required if you have not installed the PCoIP Management Console’s trusted root CA certificate (the PCoIP Management Console chain certificate) in the endpoint’s certificate store and you want to use automatic discovery. DHCP options discovery will not succeed if you do not provide a digital signature and do not configure endpoints with a certificate that enables them to trust the PCoIP Management Console. If provided, this fingerprint is only used when the endpoint’s security level is set to Low Security Environment and certificate verification has failed. It is ignored when the security level is set to Medium Security Environment or High Security Environment.
Note: Provide PCoIP Management Console information using either DHCP options or DNS records
The endpoint only picks up the fingerprint in a DHCP option if the PCoIP Management Console address is also specified in a DHCP option. For example, if the PCoIP Management Console address is specified as a DNS SRV record but the fingerprint is provided as a DHCP option, the endpoint will not retrieve the fingerprint information in the DHCP server. You should configure PCoIP Management Console information using either DHCP options or DNS records, but not both.
This discovery method requires you to have a DHCP server in your network that meets the following requirements:
-
The DHCP server must support both DHCP option 60 (vendor class identifier) and option 43 (vendor-specific information). Option 60 is sent from the endpoint to the DHCP server. It contains a text string that uniquely identifies the endpoint type. Option 43 is created by the user. The steps provided in the sections that follow show how to create a DHCP option 43 called PCoIP Endpoint along with two sub-options under it— EBM URI (sub-option 10) and EBM X.509 SHA-256 fingerprint (sub-option 11).
-
The PCoIP endpoints must have DHCP enabled so they can send a request to the DHCP server and receive the address of the PCoIP Management Console in response. This is their default setting.
Before You Begin¶
These instructions explain how to create a PCoIP Endpoint vendor class and how to create two DHCP options (sub-options 10 and 11) that provide PCoIP Management Console information to the PCoIP Endpoint.
Note: Skip adding vendor class if you have previously configured PCoIP Endpoint vendor class
If you have used DHCP vendor class option discovery with a previous 1.x release of the PCoIP Management Console and have already configured your DHCP server with the PCoIP Endpoint vendor class, you can skip the following section entitled Adding the PCoIP Endpoint Vendor Class.
Before beginning, you should have the following information handy:
-
The PCoIP Management Console’s IP address or FQDN. In the following example, this address is configured in a DHCP sub-option called EBM URI.
-
The PCoIP Management Console certificate SHA-256 fingerprint. In the following example, this hash value is configured in an optional DHCP sub-option called EBM X.509 SHA-256 fingerprint.
To locate the PCoIP Management Console’s fingerprint:
-
Use Mozilla Firefox to log in to the PCoIP Management Console web interface.
-
Click the padlock icon in the browser’s address bar.
-
Click More Information.
-
Click View Certificate.
-
In the Fingerprints section, copy and paste the SHA-256 fingerprint into a text editor.
Note: Examples shown use Windows Server 2012 R2
The instructions provided may change slightly depending on your specific server version.
Adding the PCoIP Endpoint Vendor Class¶
To add the PCoIP DHCP vendor class to your DHCP server:
-
Log in to your Windows Server and select DHCP.
-
Right-click on your DHCP server in the SERVERS pane and select DHCP Manager.
-
Expand your server in the tree, right-click on IPv4, and then select Define Vendor Classes.
-
Click Add to add a new DHCP Vendor Class.
-
Enter PCoIP Endpoint in the Display name field.
-
Enter PCoIP Endpoint in the ASCII column as the Vendor ID.
-
Click OK to save and close the dialog.
Configuring DHCP Options¶
To add two PCoIP Management Console DHCP options and apply them to a scope:
-
Right-click on IPv4 in the tree and select Set Predefined Options.
-
Select PCoIP Endpoint as the Option class and click Add.
-
In the Option Type dialog, enter the name EBM URI, data type String, code 10, and description Endpoint Bootstrap Manager URI, then click OK.
-
Click OK to save and close the dialog.
-
For the PCoIP Management Console’s SHA-256 certificate fingerprint, repeat steps 1 and 2 to add another option.
-
In the Option Type dialog, enter the name EBM X.509 SHA-256 fingerprint, data type String, code 11, and description EBM X.509 SHA-256 fingerprint, then click OK.
-
Expand the tree for the DHCP scope to which you want to apply the options.
-
Right-click Scope Options and select Configure Options.
-
Click the Advanced tab and select the PCoIP Endpoint vendor class.
-
Enable the check box for 010 EBM URI and then enter a valid Management Console URI in the Data entry field, and click Apply.
This URI requires a secured WebSocket prefix (for example, wss://
:[port number]. The PCoIP Management Console’s listening port is 5172. Entering this port number is optional. If you do not include it, port 5172 will be used by default. -
Choose the checkbox for 011 EBM X.509 SHA-256 fingerprint and paste the PCoIP Management Console certificate SHA-256 fingerprint you obtained previously into the String value field.
-
Click OK to save and close the dialog.