About PCoIP Remote Workstation Card Management Security Levels¶
There are three available management security level settings in the PCoIP Remote Workstation Card: low, medium, and high. These settings determine whether the PCoIP Remote Workstation Card can be discovered by an endpoint manager, how an endpoint manager can be discovered by the PCoIP Remote Workstation Card, and also dictate whether a certificate must be installed in the PCoIP Remote Workstation Card for discovery to succeed.
The management security level is configured on the Management page of the AWI (see Configuring the Management State). Detailed instructions for allowing discovery under most scenarios, including security level settings, are described in Configuring Endpoint Management Discovery Methods.
The general implications of each security mode are summarized in the following table and described in detail next.
Discovery Mode definition
The Discovery Mode setting on the Management page, described here, configures how endpoint managers are discovered by the PCoIP Remote Workstation Card.
Discovery in this context does not refer to discovery of the PCoIP Remote Workstation Card by endpoint managers. For instructions on having an endpoint manager discover your PCoIP Remote Workstation Card, see Configuring Endpoint Management Discovery Methods.
The following table shows the Remote Workstation Card behavior in the three management security modes.
No High Security Automatic Discovery
In high security mode, there is no automatic discovery of the management tool by the Remote Workstation Card.
| Behavior | Low Automatic |
Low Manual |
Medium Automatic |
Medium Manual |
High Manual |
|---|---|---|---|---|---|
| Can be discovered by endpoint managers | |||||
| Can automatically discover endpoint managers using DNS | :fa-xmark | :fa-xmark | :fa-xmark | ||
| Can trust endpoint managers using DNS or DHCP | :fa-xmark | :fa-xmark | :fa-xmark | :fa-xmark | |
| Can manually connect to endpoint managers | :fa-xmark | :fa-xmark | |||
| Can trust endpoint managers using an installed certificate |
Low Security Mode¶
In low security mode, both automatic and manual discovery methods are available. Certificates are not required in automatic manager discovery mode if the DNS server is configured to provision the PCoIP Remote Workstation Card with the URI of the endpoint manager's bootstrap server and its certificate fingerprint.
In automatic discovery mode the PCoIP Remote Workstation Card:
-
can use DNS or DHCP to automatically discover endpoint managers.
-
is discoverable by endpoint managers.
-
can use DNS to trust the endpoint manager. DNS must be configured to provision your endpoint with the URI and certificate fingerprint of the endpoint manager’s bootstrap server.
DNS server configuration information
For details about how to configure your DNS server for automatic discovery, see the PCoIP® Management Console Administrators’ Guide.
In manual discovery mode:
-
the endpoint must be manually configured with the endpoint manager’s bootstrap server URI.
-
the endpoint is discoverable by endpoint managers.
-
the endpoint does NOT require an installed certificate to trust the endpoint manager.
Certificates installed on the endpoint
If a certificate for the endpoint manager has not previously been installed by an endpoint manager in the endpoints certificate store, one must be installed by the endpoint manager or AWI. See Using an Endpoint Manager.
Medium Security Mode¶
In medium security mode, the PCoIP Remote Workstation Card cannot be discovered by endpoint managers. The PCoIP Remote Workstation Card can discover endpoint managers automatically or manually. Certificates are required in medium security mode.
Certificates installed on the endpoint
If a certificate for the endpoint manager has not previously been installed by an endpoint manager in the endpoints certificate store, one must be installed by the endpoint manager or AWI. See Using an Endpoint Manager.
In automatic discovery mode the PCoIP Remote Workstation Card:
-
can use DNS or DHCP to automatically discover endpoint managers.
-
is not discoverable by endpoint managers.
-
must have an installed certificate to trust the endpoint manager.
In manual discovery mode the PCoIP Remote Workstation Card:
-
is not discoverable by endpoint managers.
-
must be manually configured with the endpoint manager’s bootstrap server URI.
-
must have an installed certificate to trust the endpoint manager.
High Security Mode¶
In high security mode, the discovery bootstrap phase is disabled.
All settings must be manually configured, and certificates are required.
- cannot use DNS or DHCP automatic discovery.
Certificates installed on the endpoint
If a certificate for the endpoint manager has not previously been installed by an endpoint manager in the endpoints certificate store, one must be installed by the endpoint manager or AWI. See Using an Endpoint Manager.
In manual discovery mode the PCoIP Remote Workstation Card.
-
is not discoverable by endpoint managers.
-
must be manually configured with the endpoint managers’ internal (and, optionally, external) URI.
-
must have an installed certificate to trust the endpoint manager.