Peering Remote Workstation Cards to PCoIP Zero Clients¶
PCoIP Remote Workstation Cards are the only PCoIP hosts that can be peered (paired) to PCoIP Zero Clients using custom certificates to establish a PCoIP peer-to-peer connection that is unique to your environment. This optional but recommended configuration allows for a more secure connection than the default connection.
The custom peer-to-peer certificate and the root certificate (Root CA) or issuing certificate (Issuing CA) must be present in both the Zero Client and Remote Workstation Card certificate store. The custom certificate must then be applied to the Peer-to-Peer Certificate field in the AWI Configuration > Session page and have the correct TLS Security Mode selected. Only certificates that match the selected TLS Security Mode option are displayed. Suite B is used in environments requiring Suite B-compliant cryptography. See Encrypting PCoIP Session Negotiation with PCoIP Hosts for further information on encryption suites.
Support for Peer-to-Peer Certificates
-
The peer-to-peer connection using certificates supports connections between PCoIP Zero Clients and Remote Workstation Cards only.
-
Peer-to-peer certificates can also be requested via SCEP. If using SCEP, the certificate will automatically be selected in the Advanced Session Configuration page. See Obtaining Certificates Automatically Using SCEP.
Important: OCSP (Online Certificate Status Protocol)
OCSP (Online Certificate Status Protocol) is currently not supported for custom peer-to-peer certificates
To configure a peer-to-peer connection from a PCoIP Zero Client:¶
-
Upload both your custom peer-to-peer certificate and your root certificate to your Remote Workstation Card certificate store. See Uploading Certificates for details.
PCoIP Zero Client Certificate
Ensure the desired trusted certificate is uploaded to the connecting PCoIP Zero Client certificate store.
-
From the AWI Session page select whether one client or multiple clients can connect to your Remote Workstation Card.
-
Select Accept Any Peer if you want any properly configured PCoIP Zero Client to be able to connect to your Remote Workstation Card.
-
De-select Accept Any Peer and enter the Peer MAC Address of the specific PCoIP Zero Client you want connecting to your Remote Workstation Card.
-
-
Select the TLS Security Mode you wish to use. (the Zero Client must match this mode)
-
Select the correct Peer-to-Peer Certificate from the drop down list. (If it is not displayed, you have not yet uploaded it to the certificate store)
-
Select Apply and then Continue.
Notes
-
If a custom peer to peer certificate is applied and a connection is made, and the custom certificate is removed from the certificate store on either endpoint, a subsequent connection will not establish.
-
A connection reset is required before changes take affect.