Skip to content

Configuring a Session

The Session page on the AWI allows you to configure how a PCoIP Remote Workstation Card accepts connections from client devices. The available connection options depend on two parameters—Accept Any Peer and TLS Security Mode. The Differentiated Services Code Point (DSCP) option allows network administrators the ability to prioritize PCoIP traffic within their networks, which can also boost PCoIP network performance.

AWI Session Page
AWI Session Page

Accept Any Peer

When enabled this parameter allows any compatible clients to connect to the PCoIP Remote Workstation Card. Deselecting this setting requires you know the MAC address of a client to peer with the host card.

Peer MAC Address:

When the Accept Any Peer option is deselected, this field becomes active and allows you to specify a specific client access to connect to the Remote Workstation Card by entering the MAC address of either a Zero Client, or client host computer. If the Accept Any Peer option is enabled, this field is not required and not editable.

TLS Security Mode and Encryption Ciphers

The PCoIP data stream is always encrypted, however the PCoIP Remote Workstation Card and client must have compatible security modes to connect. The two options are:

  • Maximum Compatibility: TLS 1.2 or higher with 112-bit or higher elliptic curve encryption: This option provides maximum compatibility with clients.

  • Suite B: TLS 1.2 with Suite B compliant 192-bit elliptic curve encryption: This option offers an additional certificate option which must match the configuration on the connecting PCoIP Zero Client. The Suite B option offers the peer-to-peer certificate option for added security. The endpoints will use the AES-256-GCM cipher.

Blacklisted Cipher Suites

The Blacklisted Cipher Suites offer maximum flexibility but should not be used if possible.

The blacklist cipher suites allow an administrator the ability to disable the use of certain cipher suites due to any security concerns. The blacklist allows you to protect your system without requiring a firmware update. At least one cipher suite must remain enabled at all times.

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Peer-to-Peer Certificate

This field allows you to apply a custom peer-to-peer certificate to secure your connection with a specified client of your choice. See Peering Remote Workstation Cards to PCoIP Zero Clients for more details.

Differentiated Services Code Point (DSCP)

When enabled, the PCoIP endpoint assigns a Differentiated Services Code Point (DSCP) value determined by the transport session priority negotiation between PCoIP endpoints using proprietary algorithms, enabling intermediate network nodes to prioritize PCoIP traffic accordingly.

Remote Workstation Cards will only negotiate a medium session priority with a compatible PCoIP client and assign DSCP values as identified below.

  • DSCP value of CS3 for control traffic

  • DSCP value of AF42 for keyboard, mouse, pointer, audio

  • DSCP value of AF32 for desktop imaging, real-time virtual channels

  • DSCP value of AF12 for USB virtual channels

Enabling DSCP requires special consideration

We do not recommend enabling DSCP on Remote Workstation Cards. The purpose of enabling this setting is to reduce the workload of assigning DSCP values on PCoIP packets on network edge devices. Using this setting requires networking expertise and control over the whole link between PCoIP endpoints. See your network administrator and network device documentation for further information on using DSCP in your network.

Enable Transport Congestion Notification

Transport congestion notification is enabled to allow PCoIP endpoints to react accordingly if an intermediate network node sets the congestion notification bit in either the IP header or PCoIP transport header.