Connecting from a PCoIP Zero Client¶
Before connecting a Zero Client to a Remote Workstation Card on a LAN, ensure you have reviewed the following requirements:
-
The Remote Workstation Card and host computer NIC are plugged into the same network.
-
The PCoIP Zero Client and Remote Workstation Card are using compatible security encryption. See Configuring a Session.
-
For high security environments, peer the PCoIP Zero Client and Remote Workstation Card using a Peer-to-Peer certificate configuration. See Peering Remote Workstation Cards to PCoIP Zero Clients for details.
-
Ensure the Remote Workstation Card and PCoIP Zero Client have compatible firmware versions identified in the release notes.
-
For information on how to assign a firmware file to a profile using the Management Console, see Management Console Administators' Guide
-
For information on how to upload firmware to a single host or client using the AWI, see Uploading Firmware.
-
For the best user experience with all the latest features, ensure the following prerequisites are met:
-
The networks between the Remote Workstation Card and PCoIP Zero Client are properly configured and optionally have a 1 Gb connection between them for a better experience.
-
The PCoIP Remote Workstation Card Software for Windows or Linux is installed on the host PC.
- The Remote Workstation Card Software requires the Host Firmware Function be enabled. You can enable this setting by logging in to the Remote Workstation Card from the AWI page—Configuration > Host Driver Function
-
The host PC power cable is connected if you are wanting to power off the host computer via the Zero Client.
To establish a LAN connection:
-
On the PCoIP Zero Client select Connecting direct to host or Connecting using SLP host discovery
-
From the Remote Workstation Card's AWI configure the Session connection type to accept a connection from any peer or enter the MAC IP address of the connecting PCoIP Zero Client.
-
If required for high security environments, peer the PCoIP Zero Client and Remote Workstation Card using a Peer-to-Peer certificate configuration. See Peering Remote Workstation Cards to PCoIP Zero Clients for details.
Connect Remotely Using Virtual Private Network (Recommended)¶
The decision to deploy a VPN should be weighed against alternative approaches such as using NAT devices.
The figure below shows a PCoIP session between a PCoIP Zero Client and Remote Workstation Card over a hardware VPN.
PCoIP Zero Client to Remote Workstation Card over WAN
A VPN is necessary when connecting the following PCoIP endpoints over the Internet.
-
PCoIP Zero Client to a Tera2 Remote Workstation Card when the installed firmware in these devices is prior to release 4.1.0
-
PCoIP Zero Client or Software Client to a Tera2 Remote Workstation Card when the enterprise NAT device/gateway cannot implement the required IP address and port translation
-
PCoIP Software Client to a Remote Workstation Card when the Remote Workstation Card Agent is not installed
-
PCoIP Software Client to a Remote Workstation Card when the client software host PC has no VPN software installed.
To establish the connection:
-
At the home network, install a VPN endpoint device (e.g., a router) and establish a VPN session between the endpoint device and the enterprise VPN gateway. For information on how to set up the VPN, please see the documentation for your device.
-
Configure the enterprise VPN gateway/firewall/NAT device to allow IPsec ESP traffic, and also traffic on UDP port 4172 for the PCoIP data stream and on TCP port 4172 for the TCP handshake.
-
From the PCoIP Zero Client's AWI:
-
Configure the Direct to Host session connection type, and enter the IP address of the Remote Workstation Card.
-
Configure the address of the home VPN endpoint device as the default gateway.
-
Set the packet MTU to be less than or equal to the largest size supported by the VPN tunnel.
-
Peer the Zero Client to the Remote Workstation Card. See Peering Zero Clients to Remote Workstation Cards
-
-
From the Remote Workstation Card's AWI:
-
Configure the Session connection type.
-
Set the packet MTU to be less than or equal to the largest size supported by the VPN tunnel.
-
-
If necessary, adjust bandwidth and image parameters on both the host and client to optimize performance.
For information on optimizing networks for WAN connections, please log in to the Support Site and see the following Knowledge Base topics:
-
Packet size (MTU) settings: KB 1685
-
Bandwidth settings: KB 1422
-
Image settings: KB 1107
-
Windows desktop experience optimization: KB 1359
Connect Remotely Using Network Address Translation with Custom Peer-to-Peer Suite B Certificates¶
You can have single or multiple PCoIP Zero Clients and Remote Workstation Cards connected behind NAT devices when using custom Peer-to-Peer Suite B certificates. This method applies only to Tera2 devices that employ UDP-encapsulated IPsec ESP encryption.
Custom Peer-to-Peer Certificates
Custom Suite B Peer-to-Peer certificates are required to ensure the most secure connections available and is the recommended method when using a NAT configuration. For certificate information see Creating and Applying Custom Certificates
Example IP addresses
The IP addresses used in the following figures are intended as example addresses only.
Scenario 1: Connecting a PCoIP Zero Client to a Remote Workstation Card (WAN).¶
This scenario requires you to configure network address translation (NAT) devices with the necessary IP address and port translation at both ends of your network. This scenario describes a single connection from a PCoIP Zero Client to a dedicated Remote Workstation Card located in a different area across the WAN.
PCoIP Zero Client to Remote Workstation Card over WAN
To establish the connection perform the following steps:
-
Configure the client side NAT device to redirect TCP/UDP port 4172 to the PCoIP Zero Client.
-
Configure the host side NAT device to redirect TCP/UDP port 4172 to the Remote Workstation Card.
-
Ensure you have a custom Suite B certificate to peer your PCoIP Zero Client to Remote Workstation Card. See Creating and Applying Custom Certificates.
-
From the PCoIP Zero Client's AWI, configure the Peering Zero Clients to Remote Workstation Cards, and enter the IP address of the destination enterprise NAT device.
-
From the Remote Workstation Card's AWI configure Peering Remote Workstation Cards to PCoIP Zero Clients.
Scenario 2: Multiple PCoIP Zero Client Sessions over WAN¶
This scenario requires you to configure network address translation (NAT) devices with the necessary IP address and port translation at both ends of your network.
NAT
In this scenario, an enterprise-level NAT device is required in both the source and destination networks.
Multiple PCoIP Zero Client Sessions over WAN
To establish the connection perform the following steps:
-
Configure the source enterprise NAT device (203.0.0.1) to translate IP address and ports as follows:
192.168.0.1:4172 to 203.0.0.1:4172
192.168.0.2:4172 to 203.0.0.1:4173
192.168.0.3:4172 to 203.0.0.1:4174 -
Configure the destination enterprise NAT device (144.0.0.1) to translate IP addresses and ports as follows:
144.0.0.1:4172 to 10.0.10.1:4172
144.0.0.1:4173 to 10.0.10.2:4172
144.0.0.1:4174 to 10.0.10.3:4172 -
Ensure you have a custom peer-to-peer Suite B certificate ready to use to peer your PCoIP Zero Client to Remote Workstation Card. See Creating and Applying Custom Certificates.
-
From the PCoIP Zero Client's AWI configure the Peering Zero Clients to Remote Workstation Cards, and enter the IP address of the destination enterprise NAT device.
-
From the Remote Workstation Card's AWI configure Peering Remote Workstation Cards to PCoIP Zero Clients.
-
On your firewall or router, allow both TCP and UDP traffic on the ports you have configured in your NAT devices (4172+).
-
If necessary, adjust bandwidth and image parameters on both the host and client to optimize performance.
For more information on how NAT applications work with PCoIP, please log in to the support site and view KB 1623.