0% found this document useful (0 votes)

96 views266 pages

Management Console 19.11 Administrators Guide 2

Uploaded by

DeBrastagi Pulse

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

96 views266 pages

Management Console 19.11 Administrators Guide 2

Uploaded by

DeBrastagi Pulse

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 266

PCoIP Management Console Administrators' Guide

Welcome to the PCoIP Management Console Administrators' Guide.

The PCoIP Management Console is an Enterprise level management software appliance that
allows ease of management of PCoIP endpoints through a single interface. With Management
Console Enterprise, administrators can quickly and easily provision new devices, peer PCoIP Zero
Clients with Remote Workstation cards, report on inventory, review metrics, configure settings, and
update firmware from a single console

Who Should Read This Guide?

This guide is intended for IT administrators who are installing and using this release of PCoIP
Management Console to discover, configure, and manage zero client and remote workstation card
endpoints.

 Note: Understanding terms and conventions in Teradici guides

For information on the industry specific terms, abbreviations, text conventions, and graphic symbols used in this
guide, see Using Teradici Product and Component Guides and the Teradici Glossary.

Package Contents

The PCoIP Management Console OVA package zip file contains the following files:

File Name Description

EULA(<Date>)TER1609005.pdf Teradici PCoIP Management Console End User License Agreement (EULA)

mc_va-<version>.ova Teradici PCoIP Management Console OVA file for the virtual machine that hosts
the PCoIP Management Console

The PCoIP Management Console RPM package zip file contains the following files:

File Name Description

EULA(<Date>)TER1609005.pdf Teradici PCoIP Management Console End User License Agreement (EULA)

mc_va-<version>.rpm Teradici PCoIP Management Console RPM file for hosts that run PCoIP
Management Console using the Linux operating system

PCoIP Management Console Overview

Welcome to the Teradici PCoIP® Management Console Administrators' Guide. This

documentation explains how to install and use your PCoIP Management Console to discover,
configure, and manage your zero client and remote workstation endpoints.

This release works with the Tera2 PCoIP Zero Client (firmware 5.0 and later) and Tera2 PCoIP
Remote Workstation Cards (firmware 5.0 and later). For more information about these PCoIP
endpoints, see the Tera2 PCoIP Zero Client Firmware Administrators’ Guide and Tera2 PCoIP
Remote Workstation Card Firmware Administrators’ Guide.

 Support for Tera2 PCoIP Zero Client and Remote Workstation Card firmware 4.x and earlier

If you are using PCoIP firmware 4.x or earlier, the corresponding PCoIP Management Console is version 1.x. See
PCoIP Management Console 1.x User Manual for details.

PCoIP Management Console provides IT administrators with a browser-based console for

managing PCoIP endpoints. You can quickly provision new endpoints, configure settings, and
update firmware.

Based on Teradici’s Management Protocol, the PCoIP Management Console delivers a secure and
reliable way to configure and manage the endpoints in your PCoIP deployment.

PCoIP Management Console enables you to organize and manage PCoIP endpoints and their
configurations in groups. Using PCoIP Management Console, you can:

• Display the status, health, and activity of your PCoIP deployment at a glance

• Discover endpoints in a variety of ways and automatically name and configure them

• Organize endpoints into multi-level groups

• Schedule firmware and configuration updates to endpoints based on their groups

• Reset endpoints to factory defaults and control their power settings

• Use custom certificates to secure your PCoIP system

PCoIP Management Console is packaged in a variety of formats for easy deployment. These
formats are:

• OVA: An Open Virtual Appliance (OVA) format for quick and easy deployment on a VMware
Horizon ESXi host

• AMI: An Amazon Machine Image (AMI) format for services delivered using Amazon Elastic
Compute Cloud (EC2)

• RPM: Red Hat Package Manager (RPM) format to allow for efficient updates using any one of
a variety of Linux operating system.

About PCoIP Management Console Releases

PCoIP Management Console underwent an architecture change since release 2.0 which is not
compatible with all releases of endpoint firmware.

The following information identifies which firmware versions to use with your PCoIP Management
Console deployment.

• PCoIP Management Console 3.x and higher manages Tera2 Zero Clients using firmware 5.x or
later, and Remote Workstation Cards using firmware 5.0.1 or later.

• PCoIP Management Console 1.10.manages Tera2 Zero Clients and Remote Workstation
Cards using firmware up to and including 4.9.

Teradici recommends using the latest firmware versions available at the time of Management
Console release.

PCoIP Management Console Recommended Zero Client Recommended Remote Workstation Card
Release Firmware Firmware

19.11 6.5 5.1

1.10 (technical guidance) Up to 4.8.2 Up to 4.9

 Important: Legacy products

PCoIP Management Console 1.10.8 has entered Technical Guidance and Tera1 products are end of life. See the
Teradici product lifecycle table for further details.

In this guide, references to PCoIP Management Console will refer to the current release unless
other releases are specifically identified.

PCoIP Management Console Modes

PCoIP Management Console is one product that operates in two modes—Enterprise and Free.
PCoIP Management Console Enterprise requires activating a valid license to operate in Enterprise
mode. The banner on the PCoIP Management Console’s web interface identifies which mode you
are running.

This document discusses both modes of operation and indicates differences in the features as
they are introduced.

For information about PCoIP Management Console Free, license offers, term lengths, trial licenses,
and the Teradici Support and Maintenance program see on the Teradici web site. For more
information about the differences between the two modes of operation. See Comparison of PCoIP
Management Console Enterprise and PCoIP Management Console Free.

The Web User Interface provides the user with some useful information that new users to
Management Console will find helpful.

1. Banner indicating if the version of Management Console is Free or Enterprise.

2. Installed release number in use.

3. Information on how to obtain Enterprise information

4. Links to documentation

PCoIP Management Console Free

PCoIP Management Console Free enables a single administrative user to manage a basic
deployment of up to 100 endpoints, as well as to upgrade firmware, manage configuration profiles,
and discover endpoints.

PCoIP Management Console Enterprise

PCoIP Management Console Enterprise enables large enterprise deployments to manage up to

20,000 endpoints from a single console as well as to upgrade firmware, manage configuration
profiles, discover endpoints, schedule actions and configure remote endpoints. PCoIP
Management Console Enterprise supports multiple administration users and includes the
assurance of support and maintenance for Tera2 endpoint firmware. PCoIP Management Console
Enterprise is available through Teradici All Access subscription. PCoIP Management Console
Enterprise reverts to Free mode when all licenses expire.

Comparison of PCoIP Management Console Enterprise and PCoIP Management Console Free

Feature Name Enterprise Free

Authentication Active Directory (LDAP/LDAPS) Local

Local

User Access Multiple Users Single System Administrator

User Roles (System Administrator,
Administrator)

Active Directory LDAP N/A

Authentication LDAPS
Active Directory Groups

Number of devices Up to 20,000 Up to 100

supported

Supported device types Tera2 PCoIP Zero Clients Tera2 PCoIP Zero Clients
Tera2 PCoIP Remote Workstation Tera2 PCoIP Remote Workstation Cards
Cards

Feature Name Enterprise Free

Device discovery DNS SRV records DNS SRV records

DHCP options DHCP options
Manual discovery Manual discovery
Manual entry Manual entry

Autoconfiguration IP address N/A

Password
Generic tag

Scheduling One time N/A

Daily & weekly recurring
Delaying reboots

Dashboard General deployment General deployment

SCEP N/A
Schedule N/A
Auto Configuration N/A

Compatible firmware Tera2 PCoIP Zero Client firmware Tera2 PCoIP Zero Client firmware 5.0 and later
versions 5.0 and later Tera2 PCoIP Remote Workstation Card
Tera2 PCoIP Remote Workstation firmware 5.0 and later
Card firmware 5.0 and later

Device inventory Yes No

reports

Security Configurable Management Management Console User Session Timeout

Console User Session Timeout setting set to 10 minutes and not configurable.
setting

Remote Endpoint Yes No

Configuration

Peering of endpoints Yes No

Support & Paid support included Complimentary support

Maintenance

Quick Links

The following links contain information you will need when you first download and install the
PCoIP Management Console:

• For information about deployment platforms, system specifications, browser compatibility,

and PCoIP endpoint firmware specifications, see System Requirements.

• For instructions on how to activate your license, see Managing Licenses Online.

• For instructions on how to get up and running quickly, see Installing the PCoIP Management
Console and Configuring Your System.

• For instructions on how to migrate your PCoIP Management Console 1 to PCoIP Management
Console release 2.x or later, see Migrating from PCoIP Management Console 1.

Where to Find Information about Other

Components

This guide describes the PCoIP Management Console.

For tips and suggestions to get the best experience from your PCoIP endpoint deployment:

• PCoIP Session Planning Guide

For more information about PCoIP endpoints managed by PCoIP Management Console, see either
of the following:

• Tera2 PCoIP Zero Client Administrators' Guide

• Tera2 PCoIP Remote Workstation Card Administrators' Guide.

What's New in this Release

PCoIP Management Console release 19.11 offers new feature additions, and user interface
changes over past releases and are described in this section.

 Info: Information on previous releases

For features and release details associated with previous releases of the PCoIP Management Console, consult the
Teradici PCoIP Management Console Life Cycle Table.

Feature Additions or Changes

Account Lockout Changes

A Management Console user is now locked out for a period of 30 minutes when 6 consecutive
failed login attempts occurred within 30 minutes

Added User Principal Name (UPN) support

Users can now use UPN names to log into Management Console

Automatic Change to Management Console Free

Management Console will automatically change to Free mode once all your Management Console
Licenses expire

Generic Tag and Device Description endpoint properties

Generic Tag and Device Description Endpoint Properties have been added to both the endpoint
properties and filtering options.

General Availability of Management Console RPM

Management Console RPM is now out of technical preview and is a General Availability offering

Added Audio to Profile options

Profile can now enable Audio Opus Codec and Dual Audio Output

Security Enhancements

• This release contains improvements and enhancements around the security and stability of
the Management Console.

• An unauthenticated user can no longer access the Management Console to reset the Admin
password (MC 19.11.2)

• Added SSH security reference

• The default Web UI admin password must be changed before logging imto Management
Console

System Requirements

The PCoIP Management Console is intended for deployment within a secured corporate network
for the management of PCoIP endpoints that are internal or external (Enterprise) to the network.

 Note: PCoIP Management Console must not be accessible from unsecured networks

The PCoIP Management Console must only be accessible by endpoints from the open Internet as described within
this guide. Any other exposure to the open Internet is an unsupported use of the product and will void any warranty.

Deployment
PCoIP Management Console is released in three formats. The first called Open Virtual Appliance
(OVA) format with supported hypervisor platforms of VMware ESXi 6.0, 6.5 and 6.7. The second
format is the Amazon Machine Image (AMI) format for services delivered using Amazon Elastic
Compute Cloud (EC2). The third format is RPM which is one standard for Linux Administrators to
manage software installations. The three formats feature CentOS 7.x, 64 bit as the PCoIP
Management Console installation OS.

System Configuration
PCoIP Management Console requires the following minimum system configuration:

OVA format AMI format RPM format

• 4 CPUs • 4 vCPUs • 4 CPUs

• 12 GB RAM • 12 GB RAM • 12 GB RAM
• 62 GB hard drive space • 62 GB hard drive space • 20 GB free hard drive space
• Recommended instance type: m5.xlarge

 Caution: Lowering minimum system requirements

Changing minimum system requirements, such as lowering RAM to 4 GB may produce error messages such as
"Waiting for the server to start. Please refresh the page to try again." Minimum requirements help ensure you have the
greatest chance for a successful deployment.

Licensing for PCoIP Management Console

PCoIP Management Console requires access to the activation server on the Internet, directly on
port 443 or via a proxy, in order to activate a license. For more information, please see Managing
Licenses Online.

Port Numbers
The PCoIP Management Console uses the following ports with both formats:

• Inbound port 443: HTTPS for access to the web interface (administrative interface)

• Inbound port 5172: PCoIP Management Protocol (management interface)

• Outbound port 5172: PCoIP Management Protocol required for manual discovery only

• Outbound port 443: HTTPS (licensing interface)

• Inbound port 8080: Redirects port 80 to 8080.

• Inbound port 8443: Redirects port 443 to 8443

• Inbound port 22: TCP (for SSH)

IP Address Configuration
The PCoIP Management Console supports IPv4 and can join any network that is using DHCP. The
PCoIP Management Console also supports static IP addressing. Teradici recommends giving the
PCoIP Management Console a fixed IP address, either through a DHCP reservation or by assigning
a static IP address. See Assigning a Static IP Address.

Browser Compatibility
PCoIP Management Console supports the release of each browser available at the time of product
release, with the exception of Internet Explorer:

• Firefox

• Chrome

• Microsoft Edge

PCoIP Endpoint Firmware

Teradici recommends using the latest version of firmware for PCoIP endpoints. For the latest
information on current and supported versions, see the Teradici Support Center for your product
page.

 Note: PCoIP Management Console requires PCoIP endpoints have a minimum firmware release installed

PCoIP Management Console require PCoIP zero client endpoints with firmware release 5.0 or later installed and
PCoIP remote workstation cards with firmware 5.0 or later installed. If you have endpoints running previous firmware
versions, please use PCoIP Management Console 1.10.3 to 1.10.8 or each endpoint’s Administrative Web Interface
(AWI) to upgrade to the latest firmware for each endpoint. For instructions, see Upgrading Endpoints to Firmware 5.0
or Later.

Installing the PCoIP Management Console and

Configuring Your System

The topics in this section contain information to help you get up and running quickly.

Topics that refer to specific versions of PCoIP Management Console will be identified by the
release number.

 Note: Migrating, upgrading, or downgrading from other versions

If you are migrating to a new PCoIP Management Console version from PCoIP Management Console 1, see Migrating
from PCoIP Management Console 1. If you are upgrading or migrating from PCoIP Management Console 2 to a newer
version, see Migrating PCoIP Management Console 2 to a New Version. If you need to downgrade endpoints from
firmware 5.0 or later to 4.8, see Downgrading Endpoints to Firmware 4.x.

Installing PCoIP Management Console using

vSphere

Once you have downloaded PCoIP Management Console, deploy it as an Open Virtual Appliance
(OVA) using vSphere Client.

To install PCoIP Management Console using vSphere Client:

1. Download the latest PCoIP Management Console OVA file to a location accessible from your
vSphere Client.

2. Log in to your vSphere Client.

3. If you have more than one ESXi host, select the desired ESXi node; otherwise, there is no need
to select a node.

4. From the vSphere client’s File menu, select Deploy OVF Template.

5. In the Source window, click Browse, select the PCoIP Management Console’s OVA file, click
Open and Next.

6. In the OVF Template Details window, view the information and click Next.

7. In the End User License Agreement window, read the EULA information, click Accept and then
Next.

8. In the Name and Location window, enter the name for your PCoIP Management Console and
click Next.

9. In the Host/Cluster window, select the ESXi host on which you want to deploy the PCoIP
Management Console and click Next.

10. In the Storage window, select the local disk or SAN where you wish to deploy the PCoIP
Management Console and click **Next*.

11. In the Disk Format window, select a thick or thin provision option and click Next.

12. In the Network Mapping window, select the network or VLAN where you wish to deploy the
PCoIP Management Console and click Next.

13. In the Ready to Complete window, view your settings, enable Power on after deployment (if
desired), and click Finish.

14. When you see the 'Completed Successfully' message, click Close.

15. Make a note of the IP address of your PCoIP Management Console's virtual machine (VM) to
log in to your PCoIP Management Console from a browser.

16. To activate PCoIP Management Console Enterprise, see Managing Licenses Online.

 Note: Ensure different IP addresses when running parallel versions

If you are running PCoIP Management Console 1 in parallel with PCoIP Management Console releases 2.x or later,
ensure the two versions of the PCoIP Management Console have different IP addresses.

Installing PCoIP Management Console into AWS

EC2

The PCoIP Management Console AMI is a conversion of the OVA file into the Amazon Machine
Image (AMI) format with SSH enabled to permit secure administrative access.

The virtual machine is made available for users of the PCoIP Management Console that wish to
move more of their deployment to the cloud—especially those deploying Amazon WorkSpaces
with PCoIP Zero Clients.

Non-System Requirements

• Amazon Web Services account with access to deploying EC2 instances

• SSH client

Deployment Considerations
Ensure you have the Port Numbers opened and all inbound ports are restricted to your corporate
network and you meet the System Configuration requirements for your PCoIP Management
Console.

 Important: PCoIP Management Console must not be accessible from unsecured networks

The PCoIP Management Console must only be accessible by endpoints from the open Internet as described within
the PCoIP Management Console Administrators' Guide. Any other exposure to the open Internet is an unsupported
use of the product and will void any warranty.

 Info: Notable network behaviors

Network usage can be higher when firmware is being uploaded to endpoints. A permanent web socket connection is
maintained to every online endpoint

Deployment
To deploy PCoIP Management Console AMI:

1. Log in to AWS Console.

2. Choose the region the AMI resides in.

3. Navigate to EC2.

4. Navigate to AMIs.

5. Search Public AMIs for the AMI ID obtained from the Management Console release notes.

6. Select the PCoIP Management Console AMI and click Launch.

7. Choose an Elastic Network Adapter (ENA) supported instance type (m5.xlarge recommended
- see system requirements).

8. Configure the AWS Launch steps 2-5 as appropriate for your organization.

9. Select or create a security group in step 6 that will provide access to the required ports, with
the inbound ports restricted to only your corporate network. Ensure network access is
appropriate such that administrators are able to access ports 22 and 443, and that endpoints
can access port 5172.

 Important: Connectivity issues

If you are unable to get this access working, you will need to review your VPC configurations (VPCs, Subnets,
Route Tables), Security configurations (Network ACLs, Security Groups), and possibly VPN Connections or Direct
Connect settings.

10. Complete the steps.

11. When Launching, select a keypair. To ssh into the instance you will use the user admin in
conjunction with the keypair you used on launch.

12. After the Management Console is deployed, it is important the system is appropriately
secured.

Related Information

Securing PCoIP Management Console User Passwords

Default CentOS Configuration for PCoIP Management Console

Setting up Security

Managing Licenses Online

PCoIP Management Console Remote Endpoint Management (Enterprise)

Management Console as an RPM

The Management Console RPM allows administrators an opportunity to manage and control linux
packages in a way that complies to their individual corporate IT policies. The teradicimc-
<version>.rpm package will install the Management Console complete with all linux dependancies
so you can get up and operational quickly.

 Linux Proficiency

It is expected that administrators of Linux operating systems are proficient at using the Linux OS. Different Linux
distributions may require different procedures. Teradici uses the Linux CentOS distribution for instructional
information.

Hardware and Virtual Machine Requirements

Item Requirements

CPU Minimum 4 CPUs or vCPUs

Disk Minimum 20 GB FREE disk space dedicated to the Management Console

Space Increase this size by the required space for the CentOS operating system and any other files on your
Linux system

RAM Minimum of 12 GB

OS Centos 7.x

User Username and Password of user with sudo access

 Minimum Requirements Validation

The Management Console RPM package will check for the minimum hardware resource requirements (cpu, disk, ram)
and fail if it is not met. To disable the minimum requirement check, enter the following command:
sudo MC_NO_CHECK=1 rpm -Uvh teradicimc-<version>.rpm
Disabling the minimum requirements check is not recommended! Lowering minimums may reduce Management
Console performance, particularly in large deployments.

Management Console Installation, Upgrade and Removal

Upgrading from an RPM is supported when upgrading from PCoIP Management Console release
19.05 and newer.

 Backup Your Database

Always ensure you have a working backup of your Management Console data when performing a Management
Console removal, upgrade, or installation. Considerations should include:

• having a current snapshot of your virtual machine

• having a complete backup or clone of your Linux PC

• having a current backup of your Management Console database.

With the teradicimc-<version>.rpm package, the installation process will create everything that
Management Console needs in order to work properly. You can then upgrade or remove the
Management Console as required. The PCoIP Management Console RPM is provided as a
compressed file for download. A public RPM repository will be available for seemless installs in a
future release.

 iptables Rules

If your host Linux OS currently has an iptables configuration you will need to re-add your configuration after the
Management Console installation or upgrade. Installation of Management Console replaces the iptables rules with
ones that allow Management Console to work properly. If adding rules required by your security policy, ensure not to
change the Management Console required rules or you may prevent it from operating correctly.

Installation or Upgrade

Download the RPM from https://help.teradici.com and copy the compressed file to the PCoIP
Management Console VM. Windows users may have to use a third party tool such as WinSCP to
copy the file to the Linux VM.

 Database migration during Upgrade

During an upgrade, the database will be automatically migrated if moving to a newer version of Management Console.

To install Management Console on your VM for the first time or to upgrade a Management
Console installation:

1. Change directories to where the tar.gz file is located, enter: tar xvzf teradicimc-
<version>.tar.gz .

2. Change directories to the unzipped folder where the RPM is located. (teradicimc-<version>-
<build> folder)

3. Enter sudo yum install teradicimc-<version>.rpm .

Removal

To remove Management Console you will have two choices, remove only the Management
Console or remove the Management Console with all its dependancies.

• To remove Management Console only, enter sudo yum remove teradicimc .

• To remove Management Console and any package that was required by Management
Console including the database, enter sudo yum autoremove teradicimc .

Log In to the PCoIP Management Console Web

User Interface

This section assumes that the PCoIP Management Console is configured to connect to your
network. If you used DHCP to assign the IP address, then you will be able to continue in this
section. If you require static IP addresses, Changing the Default Network Configuration for
instructions prior to continuing.

Before accessing the PCoIP Management Console web user interface (UI) from your browser for
the first time, ensure that the following are in place:

• Your license has been activated for PCoIP Management Console Enterprise. See Activating
Licenses.

• You know the IP address of your PCoIP Management Console virtual machine. To locate the
address:

• Using vSphere Client, log in to your vCenter server.

• In the Inventory list, select VMs and Templates.

• Select your PCoIP Management Console virtual machine and then click the Summary tab.

• Note the IP address in the General pane.

Using the Web Interface for the First Time

The Management Console's Web User Interface (Web UI) contains information that can be useful
when troubleshooting issues. These references are identified in the following web user interface
login screen example.

WebUI Descripiton
Area

1 Identifies if you are using FREE or licensed ENTERPRISE mode of PCoIP Management Console

2 Identifies the release number of your Management Console

3 Informational message advising on how to upgrade to ENTERPRISE if new features are required

4 Links to find further information.

• Help: redirects you to the current product page of Management Console

• License Agreement: Displays the license agreement for your installed Management Console

• Suport: Redirects you to the Teradici support site

• teradici.com: Links to the teradici web page where you can quickly find further information such as
white papers and the latest information on new products

 Note: The Web UI admin account for PCoIP Management Console is different "from the virtual machine
admin account

The default admin account that you use when first logging in to the PCoIP Management Console web UI is not the
same admin account you use for logging in to the PCoIP Management Console virtual machine console.

To log in to the PCoIP Management Console web interface:

1. In your browser’s address bar, enter the IP address of the PCoIP Management Console virtual
machine. See Installing PCoIP Management Console using vSphere.

2. At the PCoIP Management Console login screen, enter the web interface credentials.

• USERNAME admin

• PASSWORD password

 Note: Changing default settings

In order to change the PCoIP Management Console’s default settings and run various scripts, you must connect to the
PCoIP Management Console’s virtual machine console and log in. See Accessing the PCoIP Management Console
Virtual Machine Console

1. Click SIGN IN. If login is successful, the PCoIP Management Console dashboard displays in
your browser window.

 PCoIP Management Console Enterprise

The next example shows the PCoIP Management Console Enterprise dashboard. The banner will indicate PCoIP
Management Console Free if you are running in free mode.

PCoIP Management Console Web UI User Account Lockout

The PCoIP Management Console inhibits automated system attacks on its web UI. If a user login
fails 6 times within a 30-minute period, that user account will be locked out for 30 minutes. If this
occurs, the login screen will display the message shown next.

User Account Lockout Screen

Understanding the PCoIP Management Console

Dashboard

The DASHBOARD page gives you an overview of the PCoIP Management Console’s current
configuration and health, as well as the status and activity of your PCoIP deployment. You can also
use the dashboard to keep track of upcoming schedules and to view their details.

An example of the PCoIP Management Console Enterprise dashboard is shown. The table that
follows describes the various sections in the dashboard layout and contains links to more
information about the dashboard components.

PCoIP Management Console Dashboard

PCoIP Management Console Dashboard Description

Area Dashboard Description

1 Welcome message Displays the PCoIP Management Console user account for the logged in user.
LOGOUT Lets you log out from your PCoIP Management Console session.

2 DASHBOARD Navigates to the DASHBOARD page. The DASHBOARD link occurs at the top of all
PCoIP Management Console pages.

ENDPOINTS Navigates to the ENDPOINTS page. From this page you can structure endpoints
into groups, apply profiles, discover endpoints manually, view endpoint details,
search, and filter endpoints in the endpoint tables. The ENDPOINTS link occurs at
the top of all PCoIP Management Console

PROFILE

SCHEDULE (Enterprise) Navigates to the SCHEDULE page which includes the schedule HISTORY tab.
From the SCHEDULE page you can create, view, edit, delete, enable and disable
schedules to update groups of endpoints in the future and access the PCoIP
Management Console’s schedule history tab. The SCHEDULE link occurs at the
top of all PCoIP Management Console pages.

AUTO CONFIGURATION Navigates to the AUTO CONFIGURATION page. From this page you can configure,
(Enterprise) edit, and delete rules to automatically assign endpoints to a specific group when
they are first discovered or whenever they move to or from a group. The AUTO
CONFIGURATION link occurs on at the top of all PCoIP Management Console
pages.

ENDPOINT Allows administrators to configure rules that request certificates for endpoints.
CERTIFICATES
(Enterprise)

SETTINGS Navigates to the SETTINGS page. From this page you can manage PCoIP
Management Console users, change the time zone for your PCoIP Management
Console web interface, configure a persistent naming convention for
automatically naming endpoints, upload firmware and certificates to the PCoIP
Management Console , manage PCoIP Management Console databases, view
license information, view PCoIP Management Console version information, and
configure the PCoIP Management Console log level. The SETTINGS link occurs at
the top of all PCoIP Management Console pages.

Area Dashboard Description

3 License expiry Displays the number of days remaining until the PCoIP Management Console
notification banner Enterprise’s license expires. If you disable this message, it will not appear again
for 30 days when viewing the PCoIP Management Console Enterprise using that
browser. You will see it again if you access the PCoIP Management Console
Enterprise using a different browser that does not have the notification disabled.

4 MANAGEMENT Shows the PCoIP Management Console’s status and contains information about
CONSOLE STATUS how the PCoIP Management Console is configured:
• Health: The PCoIP Management Console health displays as 'good' unless the disk
is more than 80% full and/or the PCoIP Management Console daemon is halted.
• Disk Capacity: Shows the percentage of disk space used.
• DNS SRV Record: Displays the PCoIP Management Console’s FQDN that is
configured in the DNS SRV record. If no record exists, this field is left blank.
• Auto Config: Indicates whether auto configuration is enabled or disabled.
• Scheduling: Indicates whether schedules are enabled or disabled.
• Time Zone: Indicates the time zone setting for the user’s PCoIP Management
Console web interface. By default, the time zone is set to the PCoIP
Management Console virtual machine’s time zone, which is always in
Coordinated Universal Time (UTC). If desired, you can set your web interface
time to reflect your local time zone.
• MC Version: Displays the current PCoIP Management Console release version.

DEPLOYMENT Displays status information about the managed endpoints in your system, such
CONSOLE STATUS as the number that are online and offline, and the number that are grouped and
ungrouped. This section also indicates important information about profiles that
failed to apply.

CURRENT ACTIVITY Displays the number of endpoint updates in progress, pending, scheduled, and
the number of endpoints waiting to restart or requiring a manual reboot.

UPCOMING Displays information about upcoming schedules, including the date and time
SCHEDULES they will apply.

CERTIFICATES Identifies the number of endpoints with SCEP generated certificates:

(This dashboard • Expired certificates
feature is limited to • Certificates expiring today
SCEP generated • Certificates that are less than 30 days from expiring
certificates) • No certificates
• Valid certificates

Area Dashboard Description

VIEW SCHEDULES Lets you open the SCHEDULE page to view details for a schedule.

5 Footnote Information The following links occur at the bottom of every PCoIP Management Console
page:
• Help: Opens the PCoIP Management Console support page where you can find
information about the PCoIP Management Console.
• License Agreement: Opens the Teradici End User License Agreement (EULA) in
your browser window.
• Support: Opens the Teradici Support page in your browser window.
• teradici.com: Opens the Teradici web page in your browser window.
• Release: Identifies the PCoIP Management Console release version.

Managing Licenses Online

PCoIP Management Console Enterprise is enabled through subscription licensing provided on a

per managed device basis for terms of one and three years. Licenses can be added together to
achieve the total number of necessary managed devices.

Licenses come by email after you order them and contain one activation code for each license
SKU ordered. Activation codes (also known as entitlement IDs) have an alphanumeric format of
0123-4567-89AB-CDEF.

The following is an example of the email content for 3x100 license SKUs:

 Note: License keys shown next are examples

The license keys shown next do not contain real activation codes.

Description: Teradici PCoIP® Management Console Enterprise – 1 year. Includes support and
maintenance.

No. of Devices: 10 Devices

Quantity: 3

Valid Until: 12/31/2016

Activation Code: 0123-456Z-89AB-CDEF

Contact your reseller to obtain your license key for PCoIP Management Console Enterprise or go to
https://connect.teradici.com/mc-trial to request a free PCoIP Management Console Enterprise trial
license. For more information on license options and packaging, see https://www.teradici.com/
products-and-solutions/pcoip-products/management-console or one of Teradici’s resellers.

License Requirements and Restrictions

The following requirements and restrictions apply for PCoIP Management Console:

 Caution: Return all licenses before migrating

If your PCoIP Management Console appliance will be moved to another server or replaced with an upgrade, you must
return all the PCoIP Management Console licenses before the migration and then re-activate the licenses after the
migration.

• When a license expires, PCoIP Management Console will operate in Free mode. Enterprise
mode features will stop working Licenses are installed per PCoIP Management Console
appliance.

• If no licenses are installed, the PCoIP Management Console will operate in Free mode.

• Internet access to https://teradici.flexnetoperations.com/ on port 443 is required for the PCoIP

Management Console to activate the license against the license server. The PCoIP
Management Console may also require the ability to contact this server from time to time to
keep the license activated.

• Licenses can be returned multiple times. If the system prevents activation after returning a
license, contact Teradici support at Teradici Support Center.

• You can have multiple licenses active on PCoIP Management Console, however each license
can only be active on one PCoIP Management Console.

• Licenses are activated one license at a time.

Expiry Notifications
The Management Console interface displays a notification when licenses are about to expire,
when they have expired, when you are approaching your licensed device count limit, and when you
have reached the limit.

Support and Maintenance

Use the activation code you received to request Teradici Support and Maintenance.

For more information on Teradici support and maintenance, see http://www.teradici.com/

products-and-services/global-support-services/pcoip-product-support-maintenance.

 Info: License Scripts

If managing licenses through the command line, please see License Scripts

Activating Licenses
Before you can activate your license, you will need your activation key. If you are activating from
behind a proxy, you will also need the IP address, port number, username, and password to
authenticate to your proxy server. If you wish to use the virtual machine console to manage your
licenses, see Using your Virtual Machine Console to Administer Licenses when Connected to the
Internet

Using the UI to activate your PCoIP Management Console Enterprise license:

1. Navigate to SETTINGS > LICENSE page.

2. Select the NEW LICENSE button.

3. Enter your License Key and select the ACTIVATE LICENSE button.

Using the UI to activate your PCoIP Management Console Enterprise license from behind a proxy server:

Activating your license from behind a proxy server requires you configure the additional
parameters that appear after activating the Connect through a proxy option. The additional
parameters are Proxy Address, Port, Username, and Password of the proxy server.

Activate New License Dialog

Viewing Installed Licenses

Once your license is activated, its information is stored on the PCoIP Management Console virtual
machine.

To view installed licenses via the PCoIP Management Console user interface:

• Navigate to SETTINGS > LICENSE.

The following information will be displayed:

• Fulfillment ID: XXXXXXXX: An ID assigned to a license after it is activated. This ID is required if

you deactivate the license. The fulfillment ID will be different each time you reactivate a
license after it has been deactivated.

• Entitlement ID: XXXX-XXXX-XXXX-XXXX: The license key you received via email that you use to
activate your license.

• Expiration date: DD-MMM-YYYY: The day, month, and year your license expires.

LICENSE Page

Deactivating Licenses
It is important to deactivate a license when you no longer need it, for example, when you
decommission a virtual machine. This frees up the license and makes it available for a different
PCoIP Management Console Enterprise deployment.

 Note: Deactivating license reverts PCoIP Management Console to PCoIP Management Console Free

PCoIP Management Console will run in Free mode when all its licenses are deactivated.

 Warning: Internet Access Required

When deactivating a license, an internet connection to the licensing server is required unless the offline license
activation steps are used.

Deactivating Your PCoIP Management Console License

Using your UI to deactivate PCoIP Management Console Enterprise license:

1. Navigate to SETTINGS > LICENSE page.

2. Highlight the licenses you want deactivated and select the DEACTIVATE button.

Deactivating your PCoIP Management Console Enterprise license from behind a proxy server:

Deactivating your license from behind a proxy server requires you configure the additional proxy
server parameters that appear after activating the Connect through a proxy option. The additional
parameters are Proxy Address, Port, Username, and Password.

Using your UI to deactivate PCoIP Management Console Enterprise license behind a proxy server:

1. Navigate to SETTINGS > LICENSE page.

2. Highlight the licenses you want deactivated and select the DEACTIVATE button.

3. Select the Connect through a proxy radio button and fill out the proxy fields.

4. Select the DEACTIVATE button in the DEACTIVATE LICENSE dialog.

Managing Licenses Offline

License Scripts

Teradici provides shell scripts that let you activate, view information about, and deactivate PCoIP
Management Console Enterprise licenses. All scripts are located in the PCoIP Management
Console virtual machine console’s /opt/teradici/licensing directory and require you to
connect to your PCoIP Management Console virtual machine console. See Logging in to the PCoIP
Management Console OVA Virtual Machine Console.

Activating Your PCoIP Management Console License from a

Location Without Internet Access
To activate your PCoIP Management Console Enterprise license when the PCoIP Management
Console is located on a site without Internet access (sometimes referred to as a darksite), you will
need to create a ticket for Offline License Activation. A support site account will be required to
create this ticket. The ticket must include your license activation code that was provided by email
when you requested a trial license or when your Enterprise license was purchased. Once the ticket
is created, you will be provided with an offline activation .asr file allowing you to produce an offline
activation short code to return to support. Support will in turn provide you with a response text file
which you will use to activate PCoIP Management Console Enterprise. Activating and deactivating
licenses from a site without Internet access must be done using the virtual machine console.

Requesting Offline Activation

Go to the support site https://techsupport.teradici.com sign in and create a ticket for Offline
License Activation. Include your PCoIP Management Console Enterprise license activation code
that was provided by email when your trial license was requested or when your Enterprise license
was purchased.

Producing an Offline Activation Short Code

The ticket will first be updated by Teradici support with an ASR file which you have to upload to
your PCoIP Management Console. Once you have the ASR file, perform the following steps from
your PCoIP Management Console virtual machine console.

1. Enable SSH if using PCoIP Management Console in OVA format. See: Temporarily Enabling
SSH Access

2. Connect a Secure Copy Protocol (SCP) client such as Putty or WinSCP to the PCoIP
Management Console virtual machine using the PCoIP Management Console virtual machine
administrative credentials.

3. Upload the ASR file provided in your ticket to the administrative home directory (/home/
admin/).

4. Connect a Secure Shell (SSH) client to to the PCoIP Management Console virtual machine
using the PCoIP Management Console virtual machine administrative credentials.

5. Change directories to the licensing directory.

[admin@localhost ~]$ cd /opt/teradici/licensing/

6. Set the LD_LIBRARY_PATH variable.

[admin@localhost licensing]$ export LD_LIBRARY_PATH=/opt/teradici/licensing

7. Process offline_activation.asr with appactutil.

[admin@localhost licensing]$ ./appactutil -shortcode ~/offline_activation.asr
Activation short code output example:
Activation short code: 216360-082292-891921-316997-475492-227533-740186-228152

8. Copy your Activation short code into a text file and enter it into your ticket. Wait for the
response code text file to be returned from support.

Completing the Offline Activation

Once the support ticket has been updated with a response code text file, you can then follow these
steps to activate your PCoIP Management Console Enterprise with the response code file.

1. From the PCoIP Management Console virtual machine console enable SSH. See: Temporarily
Enabling SSH Access

 Info: PCoIP Management Console AMI format

Enabling SSH is not required for the AMI

2. Connect a Secure Copy Protocol (SCP) client such as Putty or WinSCP to the PCoIP
Management Console virtual machine using the PCoIP Management Console virtual machine
administrative credentials.

3. Upload the response text file provided in your ticket to the administrative home directory (/
home/admin).

4. Change directories to the licensing directory.

[admin@localhost ~]$ cd /opt/teradici/licensing/

5. Set the LD_LIBRARY_PATH variable.

[admin@localhost licensing]$ export LD_LIBRARY_PATH=/opt/teradici/licensing

6. Process response.txt with appactutil.

[admin@localhost licensing]$ ./appactutil -process ~/response.txt

Reading response from /home/admin/response.txt

SUCCESSFULLY PROCESSED RESPONSE
ProductID MC, FulfillmentID FID-CUSTNAME-2016-1

Viewing Installed Licenses

To view your installed licenses:

1. Enable SSH. See: Temporarily Enabling SSH Access

2. Connect a Secure Shell (SSH) client to the PCoIP Management Console virtual machine using
the PCoIP Management Console virtual machine administrative credentials.

3. Change directories to the licensing directory.

[admin@localhost ~]$ cd /opt/teradici/licensing/

4. Set the LD_LIBRARY_PATH variable

[admin@localhost licensing]$ export LD_LIBRARY_PATH=/opt/teradici/licensing

5. View the installed licenses and note the Fullfillment ID of the license to return.
[admin@localhost licensing]$ ./appactutil -view

--------------------------------------------------------------------
Trust Flags: FULLY TRUSTED
Fulfillment Type: SHORTCODE
Status: ENABLED
Fulfillment ID: FID-OFFLINE-12345678-1
Entitlement ID: ENTL-OFFLINE-12345678-2-1
Product ID: MC
Suite ID: NONE
Expiration date: 30-may-2017
Feature line(s):
INCREMENT MC_nDevices TERADICI 2.00000 30-may-2017 1 \
VENDOR_STRING="nDev=500, FNO=90, SN=19137747" ISSUER=Teradici \
ISSUED=13-mar-2017 NOTICE="Teradici - Dev Ops" TS_OK \
SIGN="00D0 A25F 78FB A9C4 7093 EB1A 2744 8500 DF9B 8201 9CFE \
F024 08A5 67DE CD45"
--------------------------------------------------------------------

Deactivating Your PCoIP Management Console Enterprise

License from a Location Without Internet Access
To deactivate your PCoIP Management Console Enterprise license when the PCoIP Management
Console is located in a site without Internet access:

1. Enable SSH. See: Temporarily Enabling SSH Access

2. Connect a Secure Copy Protocol (SCP) client such as Putty or WinSCP to the PCoIP
Management Console virtual machine using the PCoIP Management Console virtual machine
administrative credentials.

3. Upload the ASR file provided in your ticket to the administrative home directory.

4. Connect a Secure Shell (SSH) client to the PCoIP Management Console virtual machine using
the PCoIP Management Console virtual machine administrative credentials.

5. Change directories to the licensing directory.

[admin@localhost ~]$ cd /opt/teradici/licensing/

6. Set the LD_LIBRARY_PATH variable

[admin@localhost licensing]$ export LD_LIBRARY_PATH=/opt/teradici/licensing

7. View the installed licenses and note the Fullfillment ID of the license to return.
[admin@localhost licensing]$ ./appactutil -view

8. Generate the return request code by using appactutil. The ASR file referenced must be the one
used to activate the license. The -return parameter is the Fulfillment ID noted in the previous
step.
[admin@localhost licensing]$ ./appactutil -shortcode ~/offline_activation.asr -
return FID-OFFLINE-12345678-1
Return short code: 163698-563854-292262-189561-853089-634323-881517-668156

9. Send the return short code returned in step 8 as a text file to Teradici.

10. Teradici will return a response file where you must finish the deactivation by following the
Completing the Offline Activation

 Note: Finding fulfillment ID

To find your fulfillment ID, see Viewing Installed Licenses.

Uploading Endpoint Firmware to the PCoIP

Management Console

Endpoint firmware files must first be uploaded to the PCoIP Management Console before you can
create profiles or perform firmware updates.

 Note: Prior to importing a PCoIP Management Console 1 profile

For Tera2 PCoIP Zero Clients and Remote Workstation Cards, PCoIP Management Console must have at least one
firmware image uploaded to it before you can import a PCoIP Management Console 1 profile. Migrated profiles will be
assigned the latest firmware version that is present on PCoIP Management Console.

To upload endpoint firmware files to PCoIP Management Console:

1. From the PCoIP Management Console’s top menu, click SETTINGS.

2. Click SOFTWARE in the left pane.

3. Click Add Software/Firmware.

4. Click Select file.

5. Select the desired combined firmware file (.pcoip), and then click **Open* and Upload to
upload the file to the PCoIP Management Console.

Setting up Security

 Caution: Ensure system operates at a security level that matches your organization's requirements

As an administrative user, you must ensure your system operates at a security level that matches the requirements of
your organization.

By introducing this appliance into your network, you accept that there are risks involved in
deploying the system, and you acknowledge that you have reviewed the default PCoIP
Management Console and CentOS configuration and have performed any other changes to make
the security level appropriate for your deployment.

 Note: Update your software to the current release

From time to time, updates may be made available, either from Teradici or the developers of CentOS. While Teradici
recommends staying current on releases, it is also recommended that you test updates on a test system prior to
upgrading your production system or back up a snapshot of the PCoIP Management Console before running the
update.

The OS admin user must use the sudo command when performing actions that require elevated
privileges.

 Note: Non-root Linux passwords must be at least ten characters long

Non-root Linux passwords must be at least ten characters long and contain one each of upper case, lower case,
decimal, and special characters. When changing a non-root Linux password, the new password must be at least four
characters different from the previous password.

The following table contains some further recommendations for securing your PCoIP
Management Console over and above the default CentOS security configuration undertaken by
Teradici.

PCoIP Management Console Security Recommendations

Recommendations Description

Network security Configure your corporate firewall as follows:

• Block inbound traffic from unsecured networks to the PCoIP Management Console
on all ports (for example, block traffic from the Internet).

• Block outbound traffic from the PCoIP Management Console to unsecured networks
on all ports except for ports 80 and 443. Port 80 must be open for system updates
and port 443 for system updates and licensing.

Operating system • Change the default passwords for the virtual machine admin user, root user, and web UI
security admin user immediately after installing the PCoIP Management Console. See Accessing
the PCoIP Management Console Virtual Machine Console.
• Ensure the CentOS firewall only allows port access to the ports that are required for the
PCoIP Management Console to run. See Default firewall port settings are as follows.
• Update CentOS third-party packages on a regular basis using the sudo yum update
"package" command.
Note: Prior to updating your production system
To ensure that a library update does not cause problems, Teradici recommends that you
perform updates on a test system (or that you take a snapshot of the PCoIP
Management Console) before updating your production system. See Backing Up PCoIP
Management Console Database.
• Remove external NTP server references. See NTP Configuration Considerations

PCoIP Management • Create a new PCoIP Management Console web UI administrative user and disable the
Console web UI default admin account and provide the desired role. (PCoIP Management Console
security Enterprise only).
Note: Re-enabling admin account
If you have disabled the admin account and plan to revert the PCoIP Management
Console Enterprise to PCoIP Management Console Free, this account must be re-
enabled before you can log in again to the PCoIP Management Console web UI.
Alternatively, you can run a script from the PCoIP Management Console virtual machine
console to re-enable the default admin account.
• Replace the PCoIP Management Console certificate with your own custom certificate
and upload it to all endpoints. See Managing PCoIP Management Console Certificates.
• Check the Teradici support site for the latest PCoIP Management Console release.

Recommendations Description

Enable HTTP Strict HTTP Strict Transport Security (HSTS) is a policy that helps protect web server
Transport Security appliances against particular types of attacks against the communication between the
(HSTS) web browser and the web server.
See HTTP Strict Transport Security for details on how to enable HSTS.
Important: Requirements
HTTP Strict Transport Security (HSTS) requires:
• PCoIP Management Console have a proper trusted certificate installed
• The chain or root certificate installed in the browser used to connect to the PCoIP
Management Console

Active Directory Authentication

PCoIP Management Console Active Directory (AD) authentication uses Lightweight Directory
Access Protocol (LDAP) or Secure Lightweight Directory Access Protocol (LDAPS) with Active
Directory servers for user authentication. LDAPS is recommended to give you a more secure
environment, through the use of an Active Directory Certificate, which should be available before
activating the Active Directory configuration.

 Caution: LDAP or LDAPS

LDAPS is the secure version of LDAP and is recommended for production environments and requires installation of
the Active Directory Certificate.

Active Directory Configuration tab

 Important Notes

This release of Active Directory in PCoIP Management Console has important limitations which need to be
considered before using this feature in your deployment.

• The MC's AD authentication only works for the same domain as the Domain Controller you have configured in the
Management Console's SETTINGS > AUTHENTICATION > ACTIVE DIRECTORY CONFIGURATION tab

• Only supports on-premises Active Directory

• Only supports one active domain at a time

• Supports UPN login

• Only supports uploading one Active Directory Certificate to the certificate store

 Upload the Root Certificate

Upload the Root Certificate from the CA that issued the Domain Controller's certificate

• Configurations for parent groups do not transfer to child groups. Ensure the child group is configured as required.

• Does not support domain trust relationships

Installing an Active Directory Certificate

LDAPS requires a Base64 encoded certificate in .pem or .cer format to be uploaded to the
certificate store. The LDAPS certificate should be downloaded from the same Active Directory that
will be used for authentication. This can be done before or after enabling Active Directory.

To install your Active Directory Certificate:

1. Browse to SETTINGS > SECURITY and select the ADD CERTIFICATES tab.

2. Select the UPLOAD CERTIFICATE button.

3. Use the SELECT CERTIFICATE button and browse to where your Active Directory Certificate is
located, highlight it and select the Open button.

4. Select the UPLOAD button and then OK in the Active Directory Certificate Details dialog.

5. Access the PCoIP Management Console virtual machine console, (see Accessing the PCoIP
Management Console Virtual Machine Console) and run the import script located in /opt/
teradici/scripts directory.

To run the script ensure you include the full path to the script and that you type the name of the
correct AD uploaded certificate.

sudo /opt/teradici/scripts/import_ldaps_certificate.sh /opt/teradici/console/certs/

adcerts/< certificate_name >

 Tip: Dialog Information

After selecting the certificate the dialog contains additional information that is useful for managing your certificate
from the virtual machine console.

Viewing your Active Directory Certificate

You can view the Active Directory Certificate by viewing the ACTIVE DIRECTORY CERTIFICATES tab
located on the SECURITY settings page.

Active Directory Certificates tab

Removing your Active Directory Certificate

Removing your Active Directory Certificate requires you to login to the PCoIP Management
Console virtual machine console, see Accessing the PCoIP Management Console Virtual Machine
Console to run the removal script located in the /opt/teradici/scripts directory.

Once logged in to the virtual machine console, browse to the opt/teradici/scripts directory and enter
./remove_ldaps_certificate.sh .

Creating and Enabling Active Directory Configuration

To create and enable an Active Directory configuration:

1. Log in to PCoIP Management Console

2. Browse to SETTINGS > AUTHENTICATION and select the ACTIVE DIRECTORY CONFIGURATION
tab.

3. Select the NEW button.

4. Select your preferred protocol LDAP or LDAPS.

5. Enter the Host Name / IP Address of your Active Directory Server and any specific port that
you want to use.

6. Enter the Domain Name that the Active Directory Server manages.

7. Save your configuration.

8. Return to the ACTIVE DIRECTORY CONFIGURATION tab and Click Enable to enable the
connection.
(The PCoIP Management Console will reboot.)

9. Login to MC and browse to SETTINGS > AUTHENTICATION and select the ACTIVE DIRECTORY
CONFIGURATION tab and enable your desired Active Directory configuration.

 Tip: If PCoIP Management Console does not restart

If your PCoIP Management Console does not restart using the PCoIP Management Console GUI, you can issue the
following command from the PCoIP Management Console virtual machine console: sudo service mcconsole
restart

Adding Active Directory Groups

Adding Active Directory groups require that you have already enabled and configured Active
Directory on the PCoIP Management Console. When adding Active Directory groups to PCoIP
Management Console, ensure the added group has the identical name as the group in Active
Directory and the Managing Users has been assigned to the group for PCoIP Management
Console use.

 Active Directory Users

All Active Directory users have a default timezone of UTC which can be modified by a Management Console System
Administrator after the user has logged in the first time.

Active Directory Group tab

To add or edit an active directory group:

1. Browse to SETTINGS > AUTHENTICATION and select the ACTIVE DIRECTORY GROUPS tab.

2. Select the ADD button.

3. Enter the required information.

• Group Name: must match the Active Directory group name.

 Important: Multiple Groups

If the name of the user is in multiple groups, the user in the first matching group is used. The Active
Directory Group cannot be nested under any other group.

• Domain Name: select the domain from the drop down where the Active Directory group
resides

• Default User Role: This will be the PCoIP Management Console role given to the user for
use when logging into the PCoIP Management Console. User roles can be changed at any
time from the Authentication page. See Managing Users for further information on Users
and User Roles.

4. Select the SAVE button.

Securing PCoIP Management Console User

Passwords

This section provides an overview of how to change your PCoIP Management Console default
passwords.

Accessing the PCoIP Management Console Virtual

Machine Console

In order to change the PCoIP Management Console's default settings and run various scripts, you
must connect to the PCoIP Management Console’s virtual machine console and log in. The AMI
release of PCoIP Management Console has SSH enabled by default to provide access to its virtual
machine console. The SSH server on the CentOS operating system virtual machine is disabled on
the OVA release of PCoIP Management Console since access to the virtual machine console can
be made using VMware vSphere Client. However, if your security requirements permit SSH access,
you can temporarily or permanently enable SSH for the PCoIP Management Console virtual
machine admin user. This section provides instructions for both methods.

 Info: PCoIP Management Console AMI virtual machine console

When using PCoIP Management Console AMI format, SSH on the CentOS operating system virtual machine is
enabled by default to provide console access via an SSH Client.

 Caution: SSH access on PCoIP Management Console AMI

Disabling SSH access on PCoIP Management Console AMI releases is not recommended as it will prevent you from
gaining vm console access which may be required to make changes such as security updates and password
changes.

PCoIP Management Console AMI users should start at Logging in from an SSH Client

Logging in to the PCoIP Management Console OVA Virtual

Machine Console
To log in to virtual machine console from vSphere Client:

1. Launch VMware vSphere Client.

2. Enter the IP address or FQDN for your vCenter Server along with your user name (DOMAIN\user
name) and password.

3. Select Inventory > VMs and Templates.

4. Expand the inventory tree and locate your PCoIP Management Console virtual machine.

5. Right-click on the virtual machine and select Open Console.

6. Log in to the console:

user name: admin
password: ManagementConsole2015 (default) or the password you have assigned to the admin
user.

 Note: Releasing the cursor once connected

Once you are connected to the console through the VMware vSphere client, you can release the cursor at any
time by pressing Ctrl + Alt (Windows) or Fn + Control + Option (Mac).

7. When you have finished using the console, type logout to log out.

Enabling/Disabling SSH Access

By default, SSH access is disabled when the PCoIP Management Console OVA release is first
installed. If your security requirements permit SSH access and you wish to log in to the PCoIP
Management Console virtual machine console this way, you can run commands to enable SSH
temporarily or permanently.

 Note: Only admin user can access SSH on AMI and OVA distributions

The PCoIP Management Console is configured to only enable SSH access for the admin user when the SSH server is
enabled. The PCoIP Management Console (OVA or AMI) always restricts SSH access for the root user.

Temporarily Enabling SSH Access

To run the SSH server and enable SSH access for the admin user until the next reboot:

1. Log in as admin to the PCoIP Management Console OVA virtual machine console from your
vSphere Client. See Logging in to the PCoIP Management Console OVA Virtual Machine
Console.

2. Run the following command at the command line:

sudo /sbin/service sshd start

Temporarily Disabling SSH Access

To stop the SSH server and disable SSH access for the admin user until the next reboot:

1. Log in as admin to the PCoIP Management Console virtual machine console from your
vSphere Client. See Logging in to the PCoIP Management Console OVA Virtual Machine
Console.

2. Run the following command at the command line:

sudo /sbin/service sshd stop

 Note: Permanent SSH configuration

A permanent SSH configuration will automatically start the SSH service on reboot.

Permanently Enabling SSH Access

To permanently enable SSH on next reboot:

1. Log in as admin to the PCoIP Management Console OVA virtual machine console from your
vSphere Client. See Logging in to the PCoIP Management Console OVA Virtual Machine
Console.

2. Run the following command at the command line:

sudo chkconfig sshd on

3. If SSH is disabled, Run the following command at the command line to start SSH immediately:
sudo service sshd start

Permanently Disabling SSH Access

 Caution: Disabling SSH access on PCoIP Management Console AMI release not recommended

To permanently disable SSH for the admin user after the next reboot:

1. Log in as admin to the PCoIP Management Console OVA virtual machine console from your
vSphere Client. See Logging in to the PCoIP Management Console OVA Virtual Machine
Console).

2. Run the following command at the command line:

sudo chkconfig sshd off

3. Disable the service by running the following command at the command line:
sudo service sshd stop

Logging in from an SSH Client

To log in to virtual machine console from SSH Client once SSH is enabled:

1. Launch your preferred SSH client.

2. Enter the following information:

• Host name: Enter the FQDN or IP address for your PCoIP Management Console virtual
machine.

• Port: 22

• Connection type: SSH

3. Click Open.

4. Log in to the PCoIP Management Console virtual machine console:

5. user name: admin

6. password: ManagementConsole2015 (default) or the password you have assigned to the

admin user. See Changing the PCoIP Management Console Virtual Machine Default User
Password.

7. When you are finished using the console, type exit to log out and exit the application.

8. If desired, disable SSH. See Enabling/Disabling SSH Access.

Changing the PCoIP Management Console Virtual Machine Default User Password

The PCoIP Management Console’s default password when it is first installed is

ManagementConsole2015. To secure the PCoIP Management Console, it is critical to change this
password immediately after installation.

To change the virtual machine default user password:

1. Log in to your PCoIP Management Console virtual machine console as admin using the
default password, ManagementConsole2015.

2. Type passwd at the command prompt.

3. When prompted, enter the default password and then your new password twice:

passwd
Changing password for admin user.
New password:
Retype new password:<br>passwd:<br>password updated successfully.

4. Follow your company's policy for storing and sharing passwords.

Changing the PCoIP Management Console Web

Interface Default Password

!!! warning Disable default admin user" For security reasons, you must disable the default admin
user and create a different administrative user with a new name and password (Management
Console Enterprise only). See Managing Users.

 Important: Set time zone

You should select your time zone at this point. If you do not set the desired time zone, you may run schedules at an
undesirable time.

The PCoIP Management Console web user account has the following default user name and
password when it is first deployed:

• User name: admin

• Default password: password

• Default Role: System Administrator

To change the admin account password:

1. Click SETTINGS and then AUTHENTICATION to display the MANAGEMENT CONSOLE USERS
window.

2. In the USERNAME column, select admin and then click EDIT.

3. In the New Password field, enter the new password.

4. In the Confirm Password field, enter the password again.

5. Click SAVE.

Re-enabling the PCoIP Management Console’s Web UI Admin

User Account
The PCoIP Management Console virtual machine contains a script that lets you re-enable the
PCoIP Management Console web UI admin account from the PCoIP Management Console virtual
machine console command line. This is useful if you disable the admin account from PCoIP
Management Console Enterprise and subsequently transition to PCoIP Management Console Free
before re-enabling the account from the PCoIP Management Console web UI. In this case, you can
run this script to re-enable the admin user and enable administrative access to the PCoIP
Management Console Free web UI.

To re-enable the admin account:

1. Select one of the following choices depending on whether you are using the OVA or AMI
version of PCoIP Management Console.

• Open the PCoIP Management Console console from vSphere Client. See Logging in to the
PCoIP Management Console OVA Virtual Machine Console.

• SSH into the PCoIP Management Console AMI console.

2. Log in using the PCoIP Management Console console admin user name and password.

3. Change to the scripts directory:

cd /opt/teradici/scripts

4. Type the following command to run the script:

./enable_admin.sh

Reverting the PCoIP Management Console’s Web UI Admin User

Password
The PCoIP Management Console virtual machine contains a script that lets you revert the
password for the PCoIP Management Console’s web interface admin user to password (the default)
from the PCoIP Management Console console command line. This is useful if administrators lose

their PCoIP Management Console web interface passwords and need a way to get logged in
again.

To revert the admin account password to its default value:

1. Open the PCoIP Management Console console from vSphere Client. See Logging in to the
PCoIP Management Console OVA Virtual Machine Console .

2. Log in using the PCoIP Management Console console admin user name and password.

3. Change to the scripts directory:

cd /opt/teradici/scripts

4. Type the following command to run the script:

./reset_admin_password.sh BCRYPT New_Password

 Password Hashes

There are two hash arguments when resetting the admin password. BCRYPT is the recommended hash
argument to use for passwords over SHA512

Changing the PCoIP Management Console Virtual

Machine Default 'Root' Password

For security reasons, the root user is not used for PCoIP Management Console administration.
This user account has a large, randomly-generated password that is not published. To secure the
PCoIP Management Console, it is critical to change this password immediately after installation.

 Virtual Machine Password

On first boot, the PCoIP Management Console generates a random password. Though the password is randomly
generated, it is still recommended that you change this password. Consult with your security team to ensure your new
password conforms with your local security policy.

To change the virtual machine default root password:

1. Log in to your PCoIP Management Console virtual machine console as admin.

2. Type the following command at the prompt:

sudo passwd root

3. When prompted, enter the new password twice:

Changing password for root user.

New password:
Retype new password:
passwd: all authentication tokens updated successfully.

Migrating PCoIP Management Console

This section provides details of how to migrate PCoIP Management Console to another version of
the software.

Migrating from PCoIP Management Console 1

Follow the steps outlined here to migrate your PCoIP Management Console 1 to PCoIP
Management Console version 2 or later. This section only applies to PCoIP endpoints.

 Caution: PCoIP Management Console properties

Not all properties from PCoIP Management Console 1 have been migrated to the current release of PCoIP
Management Console. For further details, see PCoIP Management Console 1 Profile Properties Renamed or Not
Migrated

Step 1: Install and configure this version of PCoIP Management

Console

 Management Console formats

These instructions are for configurations using the OVA format of this release of Management Console. Different
formats (AMI, RPM) will require similar steps.

To install and configure the current OVA version of PCoIP Management Console:

1. To install PCoIP Management Console using vSphere Client:

2. To log in to virtual machine console from vSphere Client:

3. Changing the PCoIP Management Console Virtual Machine Default User Password

4. Changing the Default Network Configuration.

5. Managing Licenses Online (optional).

6. If you are using an auto discovery method, update your DHCP or DNS server with the new
PCoIP Management Console information:

• Configuring DHCP Options (for DHCP discovery)

• Adding the DNS SRV Record (for DNS discovery)

• Adding a DNS TXT Record (for DNS discovery)

7. Using the Web Interface for the First Time.

8. Changing the PCoIP Management Console Web Interface Default Password.

Teradici recommends that you disable the web UI admin user and create a new PCoIP
Management Console administrative user.

9. From the PCoIP Management Console web UI, upload the desired 5.0 or later firmware file for
your endpoints.
At least one 5.0 or later firmware image must be uploaded before a profile can be created.

Step 2: Import profiles, create groups, and assign profiles to the

groups
To import profiles, create and assign profiles to groups:

1. Log in to your PCoIP Management Console 1 web UI and make a note of the names of the
profiles you want to import.

 Note

Profile names are case- and white space sensitive.

2. Ensure that you can connect to your PCoIP Management Console 1 SSH server from your
PCoIP Management Console virtual machine. To test:

a. From the newly installed PCoIP Management Console virtual machine command line,
type ssh teradici@<MC 1 IP address> .

b. Enter your PCoIP Management Console 1 virtual machine password.

c. Type exit to close the session and return to PCoIP Management Console.

3. Import profiles into this PCoIP Management Console.

4. From the PCoIP Management Console web UI, refresh the PROFILE page and check that your
profiles have been moved over.

© 2019 Teradici 65
Step 3: Migrate each group of PCoIP Management Console 1 endpoints to this version of PCoIP Management Console

 Note: Importing process creates tab for endpoints

The profile import process will create a tab for Tera2 Dual and Quad Zero Clients and Remote Workstation
Cards. If you are only migrating one type of enpoint (quad or dual), it is recommended that you delete the tab for
the other type to avoid accidentally configuring the wrong profile type. For example, if you are only migrating
dual zero clients and you set properties in the QUAD tab, the profile will not be applied.

5. Select each profile and click EDIT to check that the profile settings are correct. For example, if
your PCoIP Management Console 1 profile contained a certificate file, this file should also be
present in your new PCoIP Management Console profile.

 Note: OSD logo is never imported

The OSD logo is never imported. While you are in edit mode, you can manually add this logo to your PCoIP
Management Console profile or modify the profile as desired. For details about other profile properties that are
not migrated or that have been renamed by the profile import process, see PCoIP Management Console 1 Profile
Properties Renamed or Not Migrated.

6. From the PCoIP Management Console 1 web UI, make a note of the groups that contain the
endpoints you want to migrate and then create the groups from the new ENDPOINTS page on
the new PCoIP Management Console using the same group names.

7. Associate the correct profile with each group in turn.

Step 3: Migrate each group of PCoIP Management Console 1

endpoints to this version of PCoIP Management Console
If you have a large deployment, Teradici recommends that you migrate your endpoints on a group-
by-group basis, checking that the endpoints in each group have successfully migrated to the new
PCoIP Management Console, before proceeding with the next group.

To migrate each group of endpoints:

1. Create and enable an auto configuration rule.

2. From PCoIP Management Console 1, upgrade Tera2 PCoIP endpoints to firmware 5.0 or later.

3. If you are not using DHCP options or DNS service record discovery, perform a manual
discovery from the new PCoIP Management Console to discover the endpoints.

© 2019 Teradici 66
Step 3: Migrate each group of PCoIP Management Console 1 endpoints to this version of PCoIP Management Console

4. Refresh the new PCoIP Management Console ENDPOINTS page and check that the endpoints
have been discovered and placed in the correct group with the correct associated profile.

Importing Profiles from PCoIP Management

Console 1

PCoIP Management Console provides a profile import script that enables you to import your
PCoIP Management Console 1 profiles into newer releases of PCoIP Management Console

Before You Import Your Profiles

Before beginning, ensure the following prerequisites are in place:

• For PCoIP Zero Clients and PCoIP Remote Workstation Cards, ensure you have uploaded the
firmware version used in your profiles, otherwise migrated profiles will be assigned the latest
firmware version that exists in PCoIP Management Console.

• The import script requires the following firmware conditions be met, or the migration script
will abort and provide an error message.

Firmware applied in PCoIP Management Console Firmware required to be preloaded to PCoIP Management Console 3 or
1 profile being migrated later for migration script to run successfully

No firmware applied to MC1 profile Client and Remote Workstation Card

Client only Client

Remote Workstation Card only Remote Workstation Card

Client and Remote Workstation Card Client and Remote Workstation Card

• You know your PCoIP Management Console 1 user password (that is, the password for the
teradici administrative user) if it was changed. The default password is 4400Dominion.

• You know the PCoIP Management Console 1 profile name(s).

 Note: PCoIP Management Console 1

Profile names are case and white space sensitive.

• Both PCoIP Management Console 1 virtual appliance and the new PCoIP Management
Console virtual appliance reside on the same network.

• PCoIP Management Console virtual appliance is able to open an SSH tunnel to the PCoIP
Management Console 1 virtual appliance over port 22.
To test if the virtual appliance is able to open an SSH tunnel:

• From your PCoIP Management Console VM console, type ssh teradici@< PCoIP Management
Console 1 IP address or domain name >.

• Enter your PCoIP Management Console 1 VM password.

• Type exit to close the session and return to your PCoIP Management Console.

• On PCoIP Management Console 1.x, you perform the following steps:

a. With root privileges, modify /etc/postgresql/9.1/main/postgresql.conf by replacing

the line
listen_addresses = 'localhost' with listen_addresses = '*' .

!!! tip "Commented lines" Note that any code preceded by the # symbol is a comment. The
functioning line of code in this step is located at the bottom of the file.

b. With root privileges, modify /etc/postgresql/9.1/main/pg_hba.conf by appending a

new line host all all 0.0.0.0/0 md5 and saving the file.

c. Reboot MC1 and make sure the changes were saved.

• On PCoIP Management Console 3.x or newer releases, you perform the following step:

1.Run the command sudo iptables -I INPUT 1 -p tcp -m state --state NEW --dport
5432 -j ACCEPT

Importing Individual PCoIP Management Console 1 Profiles

To import profiles to PCoIP Management Console release 2 or later, run the migration script shown next for
each profile that you want to import:

1. Log in to your new PCoIP Management Console VM console. See Logging in to the VM
Console on page 1.

2. Change to the migration_script directory:

cd /opt/teradici/database/legacy/migration_script

3. Run the script (one or more times) to migrate one profile at a time using one of the following
commands:

• If you have not changed the PCoIP Management Console 1 user password:
./migrate_mc1_profile.sh -a <MC 1 address> -p <"profile name">

• If you have changed the PCoIP Management Console 1 user password:

./migrate_mc1_profile.sh -a <MC 1 address> -p <"profile name"> -l <MC 1
user password>

where <"profile name"> is the exact PCoIP Management Console 1 profile name enclosed
in double quotes (for example, "My Profile").

 Important: In PCoIP Management Console 1

Profile names are case and white space sensitive.

4. Load (or reload) the newPCoIP Management Console PROFILE page to see the migrated
profiles. See Managing Profiles.

Troubleshooting the Profile Import Script

The profile import script is case and white space sensitive because PCoIP Management Console 1
profile names are case and white space sensitive. If the script is unable to find your 1.10.x profile,
try copying the exact profile name from PCoIP Management Console 1.

To copy the exact profile name from PCoIP Management Console 1:

1. In the PCoIP Management Console 1 PROFILES page, click the profile’s Edit link.

2. In the Edit Profile dialog, select the entire content of the Name field and copy it.

3. When you run the script, paste this name enclosed in double quotes as the < profile name > in
the migration script instructions.

Migrated Profile Naming Rules

Migrated profiles are named according to the following rules:

• If there is no profile in the new PCoIP Management Console with the PCoIP Management
Console 1 profile name, then the migrated profile is called the same name as was used in
PCoIP Management Console 1.

• If there is a profile in the new PCoIP Management Console with the PCoIP Management
Console 1 profile, then the migrated profile is called the PCoIP Management Console 1 name
with imported appended to it. If that name is already taken, then the script appends #, where #
is an integer that starts counting up from one until it finds a name that is not taken.

For example, if the new PCoIP Management Console does not have a 'My Profile' profile, importing
this profile four times from PCoIP Management Console 1 would result in the following PCoIP
Management Console profile names.

Migrated Profile Naming Example

# of Times Migrated PCoIP Management Console 1 Profile Name PCoIP Management Console Profile Name

1 My Profile My Profile

2 My Profile My Profile_imported

3 My Profile My Profile_imported 1

4 My Profile My Profile_imported 2

 Sort the DESCRIPTION column to show the last created profile

If you are unsure what name the migrated profile is called, sort the profile table’s DESCRIPTION column by the last
created description. The most recently created profile will be at the top. See Displaying Profile Information.

Profile Properties Renamed in PCoIP Management Console or

Not Migrated
The list of PCoIP Management Console 1 profile properties that have been renamed in PCoIP
Management Console, or are not migrated when you import a PCoIP Management Console 1
profile to PCoIP Management Console, are in PCoIP Management Console 1 Profile Properties
Renamed or Not Migrated.

Running Different PCoIP Management Console

Versions in Parallel

During the migration process to a new PCoIP Management Console, you will need to run both
PCoIP Management Console 1 and the new PCoIP Management Console in parallel. You may also
need to operate two versions of the PCoIP Management Console if you have endpoints that
cannot be updated to firmware version 5.0 or later.

 Note: Test a small number of endpoints first before upgrading all the endpoints

Test a small number of endpoints before upgrading all the endpoints in your system. Place them in a test group in a
segregated network. If you are using automatic discovery, this may require modifications to your DHCP options or
DNS SRV records.

An endpoint can only be managed by one PCoIP Management Console at a time. If you are using
DHCP options discovery and you plan to keep some of your endpoints managed by PCoIP
Management Console 1, you can configure your DHCP server with the PCoIP Endpoint MC
Address option on a scope-by-scope basis. See Configuring Endpoints using Auto Discovery for
details.

 Note: Ensure different versions of PCoIP Management Console have different IP addresses

If you are running PCoIP Management Console 1 in parallel with a newer PCoIP Management Console, ensure the two
versions of the PCoIP Management Console have different IP addresses.

The table shown next lists interoperability issues when running a newer release of PCoIP
Management Console in parallel with PCoIP Management Console 1.

Current versions of PCoIP Management Console and PCoIP Management Console 1 Interoperability

Category PCoIP Management Console PCoIP Management Console 1

(2.x to Current Version) (1.10.8)

Endpoint PCoIP endpoints must run firmware 5.0 or PCoIP Endpoints must run a 4.x firmware
firmware later. PCoIP Management Console cannot version. PCoIP Management Console 1
discover and manage endpoints running cannot discover and manage devices
previous versions of the firmware. running firmware 5.0 or later.

DHCP/DNS Current versions of PCoIP Management For information on DHCP and DNS
discovery Console use a different format for DHCP discovery for PCoIP Management Console
options and DNS SRV records from PCoIP 1, see the PCoIP Management Console 1.x
Management Console 1. User Manual.

Management PCoIP endpoints are managed by at most Zero clients can be managed by more than
one PCoIP Management Console. one PCoIP Management Console 1
simultaneously.

Database Cannot import PCoIP Management Console 1 Importing a database from a current version
database. of PCoIP Management Console is not
supported

Profiles You can import PCoIP Management Console Importing profiles from a current version of
1.10.x profiles. PCoIP Management Console is not
supported

Communication Does not communicate with PCoIP Does not communicate with current
Management Console 1. versions of PCoIP Management Console.

Migrating PCoIP Management Console to a Newer

Release

 Note: DNS Records

Ensure your PCoIP Management Console has a correctly configured A record and PTR record on your DNS server. It is
important to maintain the IP address and DNS hostname of your currently deployed PCoIP Management Console
when migrating to a newer release. This enables a seamless transition to the new PCoIP Management Console and
eliminates unnecessary PCoIP endpoint configuration as each endpoint is configured to report to the previous PCoIP
Management Console IP address.

 Tip: Disable Auto-Config and Scheduling

Consider turning off Auto-Config and Scheduling prior to doing a db backup. Performing this step ensures both
features will be off when you restore the db preventing unexpected schedules from running and preventing new
devices from suddenly appearing in the PCoIP Management Consoleduring the migration process. After confirming a
successful db restore consider re-enabling Auto-Config and Scheduling.

These instructions explain how to migrate PCoIP Management Console 2.x or later to a more
current PCoIP Management Console release.

To migrate PCoIP Management Console to a newer release:

1. Connect to your PCoIP Management Console virtual machine console that you wish to
migrate from and log in using the admin account and password. See Accessing the PCoIP
Management Console Virtual Machine Console.

• If migrating from PCoIP Management Console 2.x go to step 2.

• If migrating from PCoIP Management Console 3.x or 19.x go to step 3.

2. PCoIP Management Console 2 users. Perform the following steps to record the IP address,
netmask, and default gateway:

a. Type sudo system-config-network to launch the network configuration tool.

b. From the main menu, select Device configuration.

c. In the next screen, select eth0 (eth0) - vmxnet3.

d. Make a note of PCoIP Management Console 2's static IP address, netmask, default
gateway, and DNS server. If no IP information is displayed, it is because the PCoIP
Management Console 2. is configured to use DHCP which is not recommended. See
Assigning a Static IP Address.

e. Select Ok.

f. In the next screen, select Cancel.

g. In the next screen, select Quit. Teradici does not recommend changing the PCoIP
Management Console 2 DNS configuration.

3. PCoIP Management Console 3 users. Perform the following steps to record the IP address,
netmask, and default gateway:

a. Type sudo nmtui to launch NetworkManager TUI.

b. From the main menu, select Edit a connection.

c. In the next screen, select eth0, and press Enter .

d. Make a note of PCoIP Management Console 3's static IP address, netmask, default
gateway DNS servers, and domains (if configured). If no IP information is displayed, it is
because the PCoIP Management Console is configured to use DHCP which is not
recommended. See Assigning a Static IP Address.

e. Select < OK > or < Cancel > and press Enter .

f. Select < Back > to return to the main screen.

Teradici does not recommend changing the PCoIP Management Console hostname using
this tool.

g. In the next screen, select Quit.

4. Manage your PCoIP Management Console certificate (applies to custom PCoIP Management
Console certificates only):

 Note: Skip this step if using the default Teradici signed certificate

Skip this step if you are using the default Teradici self-signed PCoIP Management Console certificate.

• If you plan to use your custom PCoIP Management Console certificate after upgrading,
Teradici recommends that you copy it to a safe location where you can retrieve it to use
with the new PCoIP Management Console. See Managing PCoIP Management Console
Certificates.

• If you plan to use a new custom PCoIP Management Console certificate after upgrading,
first you will need to update your endpoint profiles to include the new PCoIP Management
Console certificate (or its issuer) and push the profile out to every endpoint, including any
ungrouped endpoints, before deploying the new console. If necessary, use each individual
endpoint’s AWI to upload the new PCoIP Management Console certificate (or its issuer) to
the endpoint. See Managing Profiles.

 Important: Update endpoint profile's new certificate before deploying the upgrade

Ensure that you roll out the new certificate to the endpoints prior to deploying the new PCoIP Management
Console; that is, update your profile certificates using the original console. Otherwise, you will lose the
management of the endpoint.

5. Back up and download the current PCoIP Management Console database archive file to an
external location before beginning the upgrade:

a. Log in to the PCoIP Management Console web interface.

b. From SETTINGS > DATABASE, select BACK UP.

c. Enter a description for the backup and click BACK UP.

d. When the backup completes, select the file in the database table, click DOWNLOAD, and
then save the archive file. You will need to retrieve this file later.

 Important: database upgrades

Some older versions can generate large databases that can cause issues during upgrades. See knowledge base
article 1029 for workarounds.

6. If you are using PCoIP Management Console Enterprise, record the following licensing
information by running the /opt/teradici/licensing/mc_view_lic.sh script:

• Fulfillment ID

• Entitlement ID (activation code)

 Tip: Finding information

Refer to Viewing Installed Licenses for online installations or Viewing Installed Licenses for offline installations
to obtain your Fulfillment or Entitlement ID.

7. If you are using PCoIP Management Console Enterprise, from it's console, deactivate the
PCoIP Management Console Enterprise license by running one of the following commands:
/opt/teradici/licensing/mc_return_lic.sh -f <fulfillment_ID>
If behind a proxy:

/opt/teradici/licensing/mc_return_lic.sh -f <fulfillmentId> -p
[<user:password>@] <proxyhost:port>

8. Shut down the PCoIP Management Console virtual appliance.

9. Follow the instructions in deploying PCoIP Management Console to deploy the new PCoIP
Management Console release. See Installing PCoIP Management Console using vSphere.

10. Connect to your PCoIP Management Console virtual machine console. See Logging in to the
PCoIP Management Console OVA Virtual Machine Console.

11. Log in as admin using the default password (ManagementConsole2015) and change the
admin user password. See Accessing the PCoIP Management Console Virtual Machine
Console.

12. Modify the upgraded PCoIP Management Console to use the same network settings as the
previous PCoIP Management Console release. See Changing the Default Network
Configuration.

 Note: Reserve IP address against the new virtual machine if using DHCP reservation

If you are using DHCP reservation, reserve the IP address against the new PCoIP Management Console virtual
machine. Otherwise, see Assigning a Static IP Address for instructions.

13. Restart the PCoIP Management Console and ensure it has the correct addressing information.

14. If you are using PCoIP Management Console Enterprise, activate its license by running one of
the following commands:
'/opt/teradici/licensing/mc_activate_lic.sh -k < entitlementID >'
From behind a proxy:

/opt/teradici/licensing/mc_activate_lic.sh -k <entitlementID> -p
[<user:password>@ <proxyhost:port>

 Tip: Finding information

Refer to Activating Licenses for online installations or Activating Your PCoIP Management Console License from
a Location Without Internet Access for offline installations to obtain your Fulfillment or Entitlement ID.

15. Log in to the PCoIP Management Console web interface using the following default user
account:

• User name: admin

• Password: password

16. If you are using a custom PCoIP Management Console certificate (either the custom
certificate from the previous PCoIP Management Console release or a new custom
certificate), upload the certificate to the new PCoIP Management Console. For more
information creating and uploading your own certificate, see Managing PCoIP Management
Console Certificates.

 Note: Skip this step if using the default Teradici signed certificate

If you are using the default Teradici self-signed PCoIP Management Console certificate, skip this step.

17. Upload the database archive file you saved in step 5, and then restore the database. See
Managing PCoIP Management Console Databases.

!!! important "Important: This step reverts user accounts and passwords to previous PCoIP
Management Console release" This step replaces all users on the system with the user
accounts and passwords that existed on the previous PCoIP Management Console. If you
changed the default web UI password for the admin account, it will not be the Teradici default
password. If necessary, you can revert the admin account password to its default value and
then reset the password. To revert the password, see Reverting the PCoIP Management
Console Web Interface Default Password.

18. Log in again using your standard user account.

19. Check the MC Health field on the DASHBOARD page to ensure the PCoIP Management Console
status is GOOD. See Understanding the PCoIP Management Console Dashboard.

20. From the ENDPOINTS page, click REFRESH to see endpoints begin contacting the new PCoIP
Management Console. You can also verify groups, profiles, schedules, and auto configuration
rules at this time. See Managing Endpoints.

Managing Tera2 PCoIP Zero Client and Remote

Workstation Card Firmware

This section provides an overview of how to upgrade or downgrade your version of the Tera2
PCoIP Zero Client or PCoIP Remote Workstation Card firmware.

 Caution: Firmware in migrated profiles

When using profiles from PCoIP Management Console 1 that were migrated to newer versions of PCoIP Management
Console, ensure firmware requirements are met. For Tera 2 PCoIP Zero Clients, you have uploaded at least one
firmware 5.0 or later firmware image to PCoIP Management Console or newer. Migrated profiles will be assigned the
latest firmware version that is present on PCoIP Management Console.

Upgrading Endpoints to Firmware 5.0 or Later

PCoIP Management Console cannot upgrade endpoints running firmware versions prior to 5.0.
Instead, you can perform this step remotely for a group of endpoints using PCoIP Management
Console 1 or you can update the firmware for individual endpoints locally using each endpoint’s
AWI.

 Important: Test the upgrade with a small group of test endpoints

Before upgrading all your endpoints, first test the procedure with a small group of test endpoints to ensure that they
can be discovered and managed by PCoIP Management Console.

 Caution: PCoIP Remote Workstation Cards Limitations

Remote workstation cards cannot be powered down or reset by the PCoIP Management Console as they need the
host PC to be restarted. An alternate method of restarting the host PC will be required to complete the PCoIP remote
workstation card firmware update.

Upgrading Firmware Using PCoIP Management Console 1

To update the firmware for a group of endpoints using PCoIP Management Console 1:

1. Ensure that the endpoints you wish to update are placed in their own group. Depending on
your site configuration, this may require modifications to your DHCP options or DNS SRV
records, or it may require disabling persistent auto-configuration or placing the endpoints into
a segregated network with a new PCoIP Management Console 1.

2. From the PCoIP Management Console 1 or later home page, click Update Firmware.

3. Click the Import Firmware link to transfer the firmware 5.0 or later release file from your host
machine to the PCoIP Management Console 1 virtual machine.

4. Click Browse, locate the combined firmware file, and then click Open. This file will have a
.pcoip extension.

5. Click Import Now to transfer the firmware 5.0 or later release file from your host machine to the
PCoIP Management Console 1 virtual machine.

6. Click the Update Devices link.

7. In the Select Devices to Update section, you can further define the endpoints you wish to
upgrade by 3 different groupings.

• Device Family: lists the Teradici processor family used by the endpoint Tera2.

• Version Number: represents the currently applied firmware on the endpoints you want to
update (for example, 4.8.0).

• Group: lists any groups you have previously configured for endpoint management.

 Tip: Upgrade firmware one group at a time

Teradici recommends upgrading firmware one group at a time. Groups that are not migrated and will have to be
recreated manually in the new PCoIP Management Console.

8. Click View Devices to Update.

9. Select the endpoints you wish to update, choose the desired endpoint restart and schedule
options, and then click Schedule Update.

10. If desired, click View Status to watch the update status of the endpoints.

 Note: Update endpoint firmware by applying a profile

You can also update endpoint firmware by applying a profile that contains an associated firmware file. For information
about managing endpoints with PCoIP Management Console 1, see the PCoIP Management Console 1.x User
Manual.

After the endpoints reboot, they are no longer online in PCoIP Management Console 1. If you
configure the endpoints to include the address for the newer PCoIP Management Console, or
update your DHCP options appropriately, then the endpoints are present in the new PCoIP
Management Console in a few minutes.

Upgrading Firmware Using the Endpoint’s AWI

To update the firmware for an individual endpoint using the AWI:

1. Enter the endpoint’s IP address in your browser’s address bar and then log in to its AWI.

2. Select the Upload > Firmware menu.

3. From the Firmware Upload page, browse to the folder containing the firmware file. This file will
have an .all extension.

4. Double-click the '.all' firmware file and then click **Upload*.

5. Click OK to confirm that you want to proceed with the upload. The operation may take a few
minutes. When completed, the AWI page displays two buttons—Reset and Continue.

6. Click Reset.

7. Click OK.

For more information about the AWI, see Tera2 PCoIP Zero Client Firmware 4.x and Remote
Workstation Card Firmware 4.9 Administrators' Guide (for endpoints prior to firmware version 5.0)
or Tera2 PCoIP Zero Client Firmware Administrators’ Guide and Tera2 PCoIP Remote Workstation
Card Firmware Administrators’ Guide (for Tera2 PCoIP Zero Clients and PCoIP Remote
Workstation Cards running firmware version 5.0 or later).

Downgrading Endpoints to Firmware 4.x

From PCoIP Management Console, you can apply a profile to a group of endpoints running
firmware 5.0 or later to remotely downgrade their firmware to version 4.x. Alternatively, you can
downgrade the firmware on an individual endpoint using the endpoint’s AWI.

 Important: Perform a firmware upload twice when downgrading firmware to 4.8.x on a Tera2 zero client

For Tera2 PCoIP Zero Clients, you will need to perform a firmware upload twice. This is because the current firmware
installed in the endpoint also contains a recovery image that exists in a different location in flash memory from the
firmware image. When you upload a new firmware file to the endpoint, the recovery image is left untouched to
guarantee that if the firmware upload fails, a bootable image to boot from still exists. It is therefore necessary to
perform another full upload to ensure that the recovery image is completely removed. When using PCoIP
Management Console to perform a downgrade to firmware 4.8.x the second firmware upload will need to be
completed using PCoIP Management Console 1. Alternatively, you can upload the firmware twice from the zero client
AWI. For more details about recovery mode, please see Tera2 PCoIP Zero Client Firmware Administrators' Guide . This
does not apply to remote workstation cards.

Downgrading Endpoint Firmware Using a PCoIP Management

Console Profile
Before you begin, be sure you assign the firmware for the endpoints you wish to downgrade to a
group. See Organizing Endpoints into Groups to find out more.

Downloading the Firmware

All access subscribers can obtain the latest firmware by navigating to the Teradici Support Center
and selecting your endpoint type from the PCoIP Products section. Zero client users will be able to
access the download button for your required version of firmware. Remote Workstation Cards
users will have an additional Remote Workstation Card button to select before the firmware
download is displayed.

Uploading the Firmware to the PCoIP Management Console

To upload the firmware to the PCoIP Management Console:

1. Download the firmware 4.8 file for zero clients, and if required the 4.9 file for remote
workstation cards and extract the package contents.

2. From PCoIP Management Console, click SETTINGS > SOFTWARE to display the SOFTWARE
MANAGEMENT window.

3. Click Add Software/Firmware.

4. Click Select file, select the combined firmware .pcoip file that you extracted previously, and
then click Open and Upload to upload the file to the PCoIP Management Console.

Associating a Profile with a Group

To associate a profile with a group:

1. In the PCoIP Management Console top menu, click PROFILE and then NEW PROFILE.

2. Enter a name and description for the 4.8.x or 4.9 firmware profile.

3. Click the + tab, select the appropriate profile option and click ADD.
Options are:

• TERA2: CLIENT [DUAL] - (latest firmware is 4.8.x)

• TERA2: CLIENT [QUAD] - (latest firmware 4.8.x)

• TERA2: HOST [DUAL] - (latest firmware 4.9)

• TERA2: HOST [QUAD] - (latest firmware 4.9)

4. In the SOFTWARE section, select the firmware file from the Firmware Version drop-down list,
and then click SAVE.

5. From the ENDPOINTS page, select the group containing the endpoint(s) you want to
downgrade.

6. Click PROFILE and then select CHANGE.

7. In the drop-down list, select the profile you just created, and then click OK.

8. Select the I understand message and click OK again.

Applying the Profile Immediately

You can apply the profile immediately to either a group of endpoints or an individual endpoint.

To apply the group or individual profile immediately:

1. In the PCoIP Management Console top menu, click **ENDPOINT**S and select the desired
group or endpoint.

2. Click PROFILE and then select APPLY.

3. Enable the I understand message and then click APPLY.

4. From the DASHBOARD, check Endpoint Updates in Progress in the CURRENT ACTIVITY section
for information about the update.

 Note: Synchronize firmware image after applying profile

After the profile applies, the selected PCoIP zero clients will automatically restart and upload the 4.8.x firmware
image. The PCoIP remote workstation cards will need to be restarted manually before it uploads the 4.9.x firmware
image. After the restart, the endpoints will either no longer appear in the ENDPOINTS table or they may appear as
offline. The PCoIP Management Console will not be able to manage them. To synchronize the recovery image
(applicable to zero clients only) in flash memory, perform the update again from PCoIP Management Console 1 using
the UPDATE > Update Devices > Update Firmware feature. For details, see the PCoIP Management Console 1.x User
Manual.

Creating a Schedule to Apply the Profile (Enterprise)

You can also create a schedule to apply the profile at a specific date and time.

To create a schedule to apply the profile:

1. In the PCoIP Management Console top menu, click SCHEDULE.

2. Ensure that the All Schedules setting is toggled to ON.

3. Select NEW SCHEDULE.

4. Configure the parameters as follows:

• Type: Select Apply Profile.

• Name: Enter a name for the schedule.

• Description: Enter a description for the schedule.

• Enabled: Toggle to ON.

• Groups: Click ADD, select the group containing the endpoints you want to downgrade, and
then click ADD.

• Start Time: Click the time zone widget and select the desired date, then click the clock
widget below the calendar and select the desired time.

 Note: Change the default time zone

By default, the PCoIP Management Console time zone is Coordinated Universal Time (UTC). If you are in a
different time zone, you can display the PCoIP Management Console web interface in your own time zone to
facilitate creating schedules. See Config_local_time.md.

• Ensure that Run Once is selected.

5. Click SAVE at the top of the page.

6. From the DASHBOARD, check UPCOMING SCHEDULES to see schedule information. When the
schedule runs, you can view its progress by checking Endpoint Updates in Progress in the
CURRENT ACTIVITY section.

Discovery Process Overview

Before endpoints can be managed by the PCoIP Management Console, they must first be
discovered. Once discovered, the PCoIP Management Console will label the device as either a local
or remote endpoint.

During the discovery process, the PCoIP Management Console determines whether a device is
local or remote by comparing the IP address of the communicating endpoint with the IP address
that the endpoint is configured with. If the two addresses are the same, the PCoIP Management
Console labels the endpoint as a local endpoint. If the two IP addresses are different, such as in
networks utilizing NAT devices, the PCoIP Management Console labels the endpoint as a remote
endpoint. The PCoIP Management Console also labels an endpoint as local if the endpoint reports
its IP address in the configured Local IP Address Ranges field found on the SETTINGS > REMOTE >
REMOTE CONFIGURATION page. Endpoints identified as remote endpoints require a reverse proxy
and additional configurations which are further described in Remote Endpoint Management
(Enterprise)

This topic provides an overview of the main steps of the PCoIP endpoint discovery process.

 Important: Replace the default self-signed certificate with your own before configuring a discovery method
and adding endpoints

Teradici strongly recommends that you replace the PCoIP Management Console self-signed certificate with your own
PCoIP Management Console certificates before configuring a discovery method and before adding endpoints to the
PCoIP Management Console. See Managing PCoIP Management Console Certificates for details.

The following diagram illustrates how endpoints discover a PCoIP Management Console.

 Note: PCoIP Management Console serves as both Endpoint Bootstrap Manager and Endpoint Manager

The PCoIP Management Console serves as both the Endpoint Bootstrap Manager and the Endpoint Manager. It is
possible that other endpoint managers of the PCoIP Management Console may separate these roles.

An illustration of PCoIP endpoint discovery process

Endpoint Discovery Process

The steps outlined in the preceding illustration are explained next.

 Note: Endpoint Bootstrap Manager and Endpoint Manager information

The Endpoint Bootstrap Manager/Endpoint Manager information with which an endpoint must be provisioned before
it can be discovered depends on the endpoint’s discovery method and security level. You can configure both these
options from the endpoint’s AWI Configuration > Management page. Please see Tera2 PCoIP Zero Client Firmware
Administrators’ Guide for details. See also Configuring an Endpoint Manager Manually from an Endpoint for
instructions on how to manually configure an Endpoint Manager from its AWI Management page.

Stage 1: Provisioning Endpoints

There are three ways in which you can provision endpoints with endpoint bootstrap manager or
endpoint manager information for automatic and manual discovery — DHCP vendor-specific
options, DNS service and text records, Uniform Resource Identifier (URI).

The first stage provisions endpoints with the information they need either to connect to the
Endpoint Bootstrap Manager for bootstrapping, or to connect directly to the Endpoint Manager.
Depending on the endpoint’s configured discovery method, you can manually enter the information
or it can be provisioned automatically.

Discovery Methods

For automatic discovery, endpoints are populated with the IP address or FQDN of the PCoIP
Management Console to which they should connect via DHCP vendor-specific options or DNS
service and text records. Optionally, endpoints can also be configured with the PCoIP Management
Console certificate’s fingerprint (that is, its digital signature) by the DHCP or DNS server. If the
PCoIP Management Console certificate fingerprint is provided in the DHCP or DNS record, the
endpoint (in low security mode) will verify the PCoIP Management Console certificate by only
matching the fingerprint. This is intended for use cases where the PCoIP Management Console
trusted root CA certificate (the PCoIP Management Console chain certificate) is not uploaded to
the endpoint , or if the PCoIP Management Console certificate does not meet the verification
requirement. If a fingerprint is not provisioned, an endpoint without a trusted PCoIP Management
Console certificate will fail to connect. Automatic discovery is used for low and medium security
environments.

For manual discovery, you manually configure each endpoint with the uniform resource identifier
(URI) of the Endpoint Bootstrap Manager (for low and medium security environments), or with the
URI of the actual Endpoint Manager (for high security environments).

Endpoint Certificate Requirements

Depending on an endpoint’s configured security level, you may also need to provision endpoints
with an PCoIP Management Console certificate.

Endpoints configured for medium or high security must have a trusted certificate in their
certificate store before they can connect to an PCoIP Management Console. For some endpoints,

certificates may be pre-loaded by the vendor as a factory default. Otherwise, you can manually
upload certificates using an endpoint’s AWI.

Endpoints that are configured for low security do not need a PCoIP Management Console
certificate in their trusted certificate stores if either of the following is true:

• They are using DHCP discovery or DNS discovery and the DHCP or DNS server has
provisioned them with the PCoIP Management Console certificate’s fingerprint.

• They are discovered using the PCoIP Management Console’s manual discovery method. See
Discovering Endpoints Manually from PCoIP Management Console.

The following table summarizes the certificate requirement for endpoints based on their discovery
method and configured security level.

Certificate Requirements for Endpoints

Discovery Method Low Security Medium High Security

Security

DHCP/DNS discovery without Endpoint Bootstrap Certificate required Certificate N/A

Manager fingerprint provisioned required

DHCP/DNS discovery with Endpoint Bootstrap Certificate Certificate N/A

Manager fingerprint provisioned *not*required required

Discovery initiated by an endpoint configured for a N/A N/A Certificate

high security environment required

Manual discovery initiated by the PCoIP Certificate not N/A N/A

Management Console required

Information about endpoint security levels is summarized next.

Low Security

When low security is in use, endpoints can be discovered manually from the PCoIP Management
Console. See Discovering Endpoints Manually from PCoIP Management Console.

Endpoints can use DHCP or DNS auto discovery. If the Endpoint Bootstrap Manager fingerprint is
also provisioned by the DHCP or DNS server, endpoints do not require a certificate.

Medium Security

When medium security is in use, endpoints cannot be discovered manually from the PCoIP
Management Console.

Endpoints will not use the certificate fingerprint retrieved from the DHCP or DNS server to trust the
PCoIP Management Console. A PCoIP Management Console certificate or its issuer public key
certificate must be pre-loaded in the endpoint.

High Security

When high security is in use, endpoints cannot be discovered manually from the PCoIP
Management Console and cannot use DHCP or DNS auto discovery.

The Endpoint Manager’s address must be manually entered into the endpoint.

A PCoIP Management Console public key certificate or its issuer public key certificate must be pre-
loaded in the endpoint.

Stage 2: Entering the Bootstrap Phase

Endpoints that have been provisioned with Endpoint Bootstrap Manager information enter a
bootstrap phase where they evaluate the Endpoint Bootstrap Manager’s certificate fingerprint to
determine whether the Endpoint Bootstrap Manager can be trusted. If the certificate fingerprint
match succeeds, the endpoints proceed to the next step.

 Note: High security endpoints configured with Endpoint Manager information bypass the bootstrap process

Endpoints in high security environments that are already configured with Endpoint Manager connection information
bypass the Endpoint Bootstrap Manager bootstrap process and attempt to connect to the Endpoint Manager right
away.

Stage 3: Receiving Endpoint Manager Information

Next, the Endpoint Bootstrap Manager provides the IP address and certificate fingerprint of the
Endpoint Manager to which the endpoint should connect. The endpoint then disconnects from the
Endpoint Bootstrap Manager and attempts to establish a connection with the Endpoint Manager.

Stage 4: Entering the Managed Phase

If Endpoint Manager certificate verification succeeds and the endpoint is able to establish a
successful connection with the Endpoint Manager, the Endpoint Manager connection information
is saved to the endpoint’s permanent storage, and the endpoint enters the managed phase.

Configuring a Discovery Method

 Note: Confirm your endpoint's discovery method

Review the administrators' guide for your endpoint to confirm the discovery method it supports.

The following topics contain information about how to configure an endpoint discovery method:

• Configuring Endpoints using Auto Discovery: Explains how to configure your DHCP server to
provision endpoints with Endpoint Bootstrap Manager information.

• Configuring DNS SRV Record Discovery: Explains how to configure your DNS server to
provision endpoints with Endpoint Bootstrap Manager information.

• Configuring an Endpoint Manager Manually from an Endpoint: Explains how to manually

configure an Endpoint Manager for an endpoint in a high security environment.

• Discovering Endpoints Manually from PCoIP Management Console: Explains how to manually
initiate discovery from the PCoIP Management Console. Endpoints must be configured for low
security if you use this method.

Configuring Endpoints using Auto Discovery

This section explains how to configure your DHCP server to provision endpoints with Endpoint
Bootstrap Manager information.

DHCP Discovery Process

When PCoIP Management Console DHCP vendor class option discovery is used, endpoints receive
a DHCP option value that contains information about the PCoIP Management Console (that is, the
Endpoint Bootstrap Manager/Endpoint Manager) to which they should connect. If an endpoint has
already obtained a DHCP lease before the server is configured with PCoIP Management Console
DHCP options, it will be updated with this information when it renews the lease or acquires a new
one. An endpoint will renew its lease after a reboot or when it detects that the network has
returned after going down (for example, if someone reconnects the endpoint’s network cable after
unplugging one end of it).

 Note: Endpoints also poll DHCP server for option values

Endpoints also poll the DHCP server for option values at an interval equal to half the DHCP lease time.

You can configure your DHCP server with PCoIP Management Console vendor class options to
provide the following information:

• The PCoIP Management Console’s IP address or FQDN.

• The PCoIP Management Console’s certificate fingerprint (digital signature). This fingerprint is
required if you have not installed the PCoIP Management Console’s trusted root CA certificate
(the PCoIP Management Console chain certificate) in the endpoint’s certificate store and you
want to use automatic discovery. DHCP options discovery will not succeed if you do not
provide a digital signature and do not configure endpoints with a certificate that enables them
to trust the PCoIP Management Console. If provided, this fingerprint is only used when the
endpoint’s security level is set to Low Security Environment and certificate verification has failed.
It is ignored when the security level is set to Medium Security Environment or High Security
Environment.

 Note: Configure PCoIP Management Console information using either DHCP options or DNS records

The endpoint only picks up the fingerprint in a DHCP option if the PCoIP Management Console address is also
specified in a DHCP option. For example, if the PCoIP Management Console address is specified as a DNS SRV record
but the fingerprint is provided as a DHCP option, the endpoint will not retrieve the fingerprint information in the DHCP
server. You should configure PCoIP Management Console information using either DHCP options or DNS records, but
not both.

This discovery method requires you to have a DHCP server in your network that meets the
following requirements:

• The DHCP server must support both DHCP option 60 (vendor class identifier) and option 43
(vendor-specific information). Option 60 is sent from the endpoint to the DHCP server. It
contains a text string that uniquely identifies the endpoint type. Option 43 is created by the
user. The steps provided in the sections that follow show how to create a DHCP option 43
called PCoIP Endpoint along with two sub-options under it— EBM URI (sub-option 10) and EBM X.
509 SHA-256 fingerprint (sub-option 11).

• The PCoIP endpoints must have DHCP enabled so they can send a request to the DHCP
server and receive the address of the PCoIP Management Console in response. This is their
default setting.

Before You Begin

These instructions explain how to create a PCoIP Endpoint vendor class and two PCoIP
Management Console PCoIP Endpoint DHCP options.

 Note: Skip adding vendor class if you have previously configured PCoIP Endpoint vendor class

If you have used DHCP vendor class option discovery with a previous 1.x release of the PCoIP Management Console
and have already configured your DHCP server with the PCoIP Endpoint vendor class, you can skip the following
section entitled Adding the PCoIP Endpoint Vendor Class.

Before beginning, you should have the following information handy:

• The PCoIP Management Console’s IP address or FQDN. In the following example, this address
is configured in a DHCP sub-option called EBM URI.

• The PCoIP Management Console certificate SHA-256 fingerprint. In the following example,
this hash value is configured in an optional DHCP sub-option called EBM X.509 SHA-256
fingerprint.

To locate the PCoIP Management Console’s fingerprint:

1. Use Mozilla Firefox to log in to the PCoIP Management Console web interface.

2. Click the padlock icon in the browser’s address bar.

3. Click More Information.

4. Click View Certificate.

5. In the Fingerprints section, copy and paste the SHA-256 fingerprint into a text editor.

 Note: Examples shown use Windows Server 2012 R2

The instructions provided may change slightly depending on your specific server version.

Adding the PCoIP Endpoint Vendor Class

To add the PCoIP DHCP vendor class to your DHCP server:

1. Log in to your Windows Server and select DHCP.

2. Right-click on your DHCP server in the SERVERS pane and select DHCP Manager.

3. Expand your server in the tree, right-click on IPv4, and then select Define Vendor Classes.

4. Click Add to add a new DHCP Vendor Class.

5. Enter PCoIP Endpoint in the Display name field.

6. Enter PCoIP Endpoint in the ASCII column as the Vendor ID.

7. Click OK to save and close the dialog.

Configuring DHCP Options

To add two PCoIP Management Console DHCP options and apply them to a scope:

1. Right-click on IPv4 in the tree and select Set Predefined Options.

2. Select PCoIP Endpoint as the Option class and click Add.

3. In the Option Type dialog, enter the name EBM URI, data type String, code 10, and description
Endpoint Bootstrap Manager URI, then click OK.

4. Click OK to save and close the dialog.

5. For the PCoIP Management Console’s SHA-256 certificate fingerprint, repeat steps 1 and 2 to
add another option.

6. In the Option Type dialog, enter the name EBM X.509 SHA-256 fingerprint, data type String, code
11, and description EBM X.509 SHA-256 fingerprint, then click OK.

7. Expand the tree for the DHCP scope to which you want to apply the options.

8. Right-click Scope Options and select Configure Options.

9. Click the Advanced tab and select the PCoIP Endpoint vendor class.

10. Enable the check box for 010 EBM URI and then enter a valid Management Console URI in the
Data entry field, and click Apply.

This URI requires a secured WebSocket prefix (for example, wss://:[port number]. The PCoIP
Management Console’s listening port is 5172. Entering this port number is optional. If you do
not include it, port 5172 will be used by default.

11. Choose the checkbox for 011 EBM X.509 SHA-256 fingerprint and paste the PCoIP Management
Console certificate SHA-256 fingerprint you obtained previously into the String value field.

12. Click OK to save and close the dialog.

Configuring DNS SRV Record Discovery

This section explains how to configure your DNS server to provision endpoints with Endpoint
Bootstrap Manager information, as part of the endpoint discovery process.

DNS Discovery Process

Endpoints poll the DNS server for information about the PCoIP Management Console (that is, the
Endpoint Bootstrap Manager/Endpoint Manager) to which they should connect only if the DHCP
server does not have a DHCP option containing the PCoIP Management Console’s IP address or
FQDN.

If an endpoint has already retrieved a DNS record before the DNS server is configured with PCoIP
Management Console information, it does not poll the DNS server again until the record’s Time-To-
Live expires (or the endpoint is rebooted). If the DHCP server does provide an option for the PCoIP
Management Console address but the endpoint fails to connect for any reason (for example,
because of a certificate verification failure or the PCoIP Management Console address is not
reachable), DNS record lookup will not occur.

 Note: Do not configure DHCP options when you are using DNS record discovery

Do not configure DHCP options if you want to use DNS record discovery. Endpoints always prefer the PCoIP
Management Console address or fingerprint that is specified in the DHCP options over that specified in the DNS
record. If you provide the PCoIP Management Console address both as DHCP option and also as the DNS record, the
endpoint will only use the PCoIP Management Console address found in the DHCP option.

DNS service record discovery requires you to have a DNS server in your network that is configured
with the following DNS records:

• An address record (A record): Specifies the FQDN and IP address of the PCoIP Management
Console. This record may be automatically created by the DHCP server.

• A service location record (SRV record): Associates information such as the PCoIP Management
Console’s TCP/IP service and the port the PCoIP Management Console listens on with the
PCoIP Management Console’s domain and host name. The PCoIP Management Console’s
TCP/IP service is called _pcoip-bootstrap, as shown in Adding the DNS SRV Record.

• A DNS TXT record: Contains the PCoIP Management Console certificate SHA-256 fingerprint is
also required if you have not installed the PCoIP Management Console’s trusted root CA
certificate (the PCoIP Management Console chain certificate) in the endpoint’s certificate
store and you want to use automatic discovery. The record’s name must be the host name of
the PCoIP Management Console offering the service. In the following example, this record is
called pcoip-mc38719. The domain is appended automatically.

 Note: Endpoint only picks up DNS TXT fingerprint if the PCoIP Management Console address is
specified in a DNS SRV record

The endpoint only picks up the fingerprint from the DNS TXT record if the PCoIP Management Console address
is specified in a DNS SRV record. For example, if the PCoIP Management Console address is specified as a
DHCP option but the fingerprint is provided as a DNS TXT record, the endpoint will not retrieve the fingerprint
information in the DNS server. Configure your PCoIP Management Console information using either DHCP
options or DNS records, but not both.

Before You Begin

Before configuring your DNS SRV record discovery, you'll need the following information:

• The PCoIP Management Console’s FQDN

© 2019 Teradici 100

Adding the DNS SRV Record

• The PCoIP Management Console’s certificate fingerprint (that is, the certificate’s digital
signature). If provided, this fingerprint is only used when the endpoint’s security level is set to
Low Security Environment and certificate verification has failed. It is ignored when the security
level is set to Medium Security Environment or High Security Environment.

To locate the PCoIP Management Console’s fingerprint:

1. Use Mozilla Firefox to log in to the PCoIP Management Console web interface.

2. Click the padlock icon in the browser’s address bar.

3. Click More Information.

4. Click View Certificate.

5. In the Fingerprints section, copy and paste the SHA-256 fingerprint into a text editor.

 Note: Examples shown use Windows Server 2012 R2

The instructions provided may change slightly depending on your specific server version.

Adding the DNS SRV Record

To add the PCoIP Management Console DNS SRV record to DNS server:

1. Log in to your Windows Server and select DNS.

2. Right-click on your DNS server in the SERVERS pane and select DNS Manager from the context
menu.

3. In Forward Lookup Zones, right-click on your domain and select Other New Records from the
context menu.

© 2019 Teradici 101

Adding the DNS SRV Record

4. In the Resource Record Type dialog, select Service Location (SRV) from the list and click Create
Record.

© 2019 Teradici 102

Adding the DNS SRV Record

5. Fill in the entries as shown in the following example. Set Service to _pcoip-bootstrap, Protocol
to _tcp, and Port number to 5172, the PCoIP Management Console’s default listening port. For
Host offering this service, enter the PCoIP Management Console’s FQDN.

 Note: FQDN must be entered in place of IP address

The PCoIP Management Console’s FQDN must be entered because the DNS specification does not enable an IP
address in SRV records.

© 2019 Teradici 103

Adding a DNS TXT Record

6. Click OK.

7. If you are not adding an optional DNS TXT record (see next) and have finished configuring
your DNS server, power cycle your endpoints or put them online to enable them to make the
connection to the PCoIP Management Console. You must also upload the PCoIP
Management Console’s root CA certificate to the endpoint’s certificate store.

Adding a DNS TXT Record

If your endpoints do not have the PCoIP Management Console’s root CA certificate installed in
their certificate store, you must configure your DNS server with a DNS TXT record containing the
PCoIP Management Console certificate SHA-256 fingerprint.

To add a DNS TXT record:

1. In Forward Lookup Zones, right-click on your domain and select Other New Records from the
context menu.

2. In the Resource Record Type dialog, select Text (TXT) from the list and click **Create Record*.

© 2019 Teradici 104

Adding a DNS TXT Record

3. Fill in the entries as follows:

• In the Record name field, enter the host name of the PCoIP Management Console offering
the service (this example uses pcoip-mc38719). The FQDN field will be automatically
populated for you, and matches the FQDN of the PCoIP Management Console.

• In the Text field, type pcoip-bootstrap-cert= and then paste the PCoIP Management
Console certificate SHA-256 fingerprint you obtained previously immediately after this
prefix, as shown in the following example.

4. Click OK.

5. When you have finished configuring your DNS server, power cycle your endpoints or put them
online to enable them to make the connection to the PCoIP Management Console.

 Note: Automatically name and group endpoints

You can configure the PCoIP Management Console to automatically name endpoints and place them in a specific
group when they are discovered. See Auto Naming Endpoints and Auto Configuring Endpoints (Enterprise) for details.

© 2019 Teradici 105

Adding a DNS TXT Record

See Troubleshooting DNS to verify that your DNS server is configured correctly for the PCoIP
Management Console.

© 2019 Teradici 106

Discovering Endpoints Manually from PCoIP Management Console

Discovering Endpoints Manually from PCoIP

Management Console

The ENDPOINTS page contains an ENDPOINT DISCOVERY feature that lets you discover endpoints
that are not pre-configured with PCoIP Management Console information. Endpoints must be
configured for low security before they can be discovered using this method.

 Important: If your endpoints are behind a NAT or proxy

Manual discovery of an endpoint will not work if the endpoint is behind a NAT or proxy.

MANAGEMENT profile properties, Security Level and Discovery Mode have been added to allow the
PCoIP Management Console the ability to apply specific management security level and
management server discovery methods. This enables highly secured environments to pre-stage
endpoints in a secured environment with their future management settings, prior to delivery to
their final location.

 Note: Endpoint discovery options

The PCoIP Management Console also supports the DHCP vendor-specific option method, DNS service record
method, and manual endpoint configuration for endpoint discovery.

You can discover endpoints from the PCoIP Management Console by scanning for their IP
addresses. This discovery method is used in low security environments for endpoints that are not
pre-configured with PCoIP Management Console connection information or certificates. It enables
an improved out-of-box experience by removing the need for administrators to manually configure
an endpoint with a PCoIP Management Console address and upload a PCoIP Management
Console certificate to the endpoint. With this method, the endpoint retrieves the required trust
information from the PCoIP Management Console during the discovery process.

In order for discovery to succeed, the following conditions must apply:

• The endpoint is powered on and connected to the network that is not behind a proxy or NAT.

© 2019 Teradici 107

Configuring the Endpoint for Low Security Environment

• The endpoint is not connected to an Endpoint Manager and has an Idle management status
(that is, is not engaged in any kind of PCoIP Management Console activity).

• The endpoint is configured for a Low Security Environment from its AWI Management page.

Configuring the Endpoint for Low Security Environment

Your endpoints may already be configured for low security by default. These steps are only
necessary for endpoints with a different security configuration. It is important to complete them in
the following order.

To configure the endpoint for Low Security Environment:

1. Enter the zero client’s IP address in your browser’s address bar, then log in to its AWI.

2. From the Configuration menu, select Management.

3. Change the Security Level to Low Security Environment.

4. If the endpoint is not in the Idle state, click Clear Management State and then Continue.

5. Click Apply and then Continue.

© 2019 Teradici 108

Discovering Endpoints from the PCoIP Management Console

To discover endpoints manually:

1. From the PCoIP Management Console’s ENDPOINT page, click ENDPOINT DISCOVERY.

2. Enter the endpoint’s IP address in the FROM IP boxes. If you want to discover a range of
endpoints, enter the last IP address in the TO IP boxes; otherwise, leave these boxes empty.

 Note: IP address range is limited to Class C ranges only

The IP address range is limited to Class C ranges or smaller (for example, 10.0.0.1 to 10.0.0.255). It cannot
support a range larger than a class C such as 10.0.0.1 to 10.0.255.255.

3. Click outside a box, and then click DISCOVER.

4. Click DONE when it appears next to ENDPOINT DISCOVERY to end the discovery process.

5. To see the newly discovered endpoints, click REFRESH in the endpoint table (GROUPED or
UNGROUPED, depending on your auto configuration settings).

© 2019 Teradici 109

Discovering Endpoints from the PCoIP Management Console

 Note: Automatically name and group endpoints

© 2019 Teradici 110

Managing Endpoints

This section contains the following topics:

• Understanding the PCoIP Management Console Dashboard: Describes the information you
can view from the PCoIP Management Console DASHBOARD page.

• Changing the Web Interface Time Zone: Explains how to change the PCoIP Management
Console web interface time zone. By default, the web interface uses the PCoIP Management
Console’s Coordinated Universal Time (UTC). For convenience when you create schedules, you
can update your user account to display the web interface in your own local time zone.

• The actions you can perform from the ENDPOINTS page are listed in the following table: Lists
all the actions you can perform from the ENDPOINTS page and provides links to instructions for
each one.

• Displaying Endpoint Properties: Shows how to select the endpoint properties you wish to
include in a GROUPED or UNGROUPED endpoint table.

• Using the ENDPOINT DETAILS Page: Lists all the actions you can perform from the ENDPOINT
DETAILS page and provides instructions for each one.

• Performing Power Management: Explains how to power down and reset endpoints remotely.

• Renaming Endpoints: Explains how to rename an endpoint from the ENDPOINTS page.

• Deleting Endpoints: This topic explains how to delete endpoints.

• Discovering Endpoints Manually: Provides information about how to use the PCoIP
Management Console’s manual endpoint discovery feature.

• Searching an Endpoint Table: Explains how to use a text search to locate endpoints in a
GROUPED or UNGROUPED endpoint table.

• Filtering the Endpoint List: Explains how to use PCoIP Management Console filters to refine
the endpoints that display in a GROUPED or UNGROUPED endpoint table.

• Requesting Endpoint Certificates Using SCEP (Enterprise): Available in PCoIP Management

Console Enterprise. Explains how to simplify the retrieval and installation of digital certificates
by enabling devices to obtain certificates automatically from a SCEP server.

© 2019 Teradici 111

Managing Profiles

The PCoIP Management Console lets you create profiles that contain a list of the settings you
want to apply to one or more groups of endpoints. After creating a profile, you can apply it
immediately to a group, or you can create a schedule to apply it to the group at a specific time in
the future.

Displaying Profile Information

The PROFILE page contains a table showing all the profiles that are currently configured. You can
create a new profile from this page, or you can select a profile from the table to edit, duplicate, or
delete it.

Click the gear icon to the right of the table to change the information you want to display in the
table columns. Your customized settings are saved in your browser and will be used for any user
who subsequently logs in from that browser.

PROFILE Page

Creating a Profile
When you configure a profile, you specify only the settings you want to configure in the endpoint.
For example, you can create a profile that only updates endpoint firmware without changing any of

© 2019 Teradici 112

Creating a Profile

the endpoint’s other settings. Unless a particular setting is explicitly configured in a profile by
enabling its Set In Profile check box, it will have no effect when the endpoints are updated.

Some settings will cause the endpoint to restart. These settings are identified by a white triangular

icon .

 Firmware in profile is the same as on the endpoint

The Management Console will only apply the firmware in a profile to the endpoint, if the firmware version is different
from the firmware identified from the last polling communication between the Managment Console and endpoint.

The settings that are available are based on the endpoint type and the firmware version the target
endpoints are currently using or will use when the profile is applied. For this reason, the relevant
firmware file must already be uploaded to the PCoIP Management Console from the SETTINGS >
SOFTWARE page before you can create a profile.

For the Tera2 PCoIP Zero Client and Remote Workstation Card, you can configure profiles for dual
and quad endpoint types. The dual zero client supports two monitors. The quad zero client
supports four monitors. You need to create a separate profile for each endpoint type.

To create a profile:

1. From the PCoIP Management Console’s top menu, click PROFILE.

2. Click NEW PROFILE.

3. Enter a unique profile name in the Name column and a description for the profile in the
Description column.

4. Click the + tab and select one of the following profile types and then click ADD:

• TERA2: CLIENT [DUAL]: For endpoints that support two monitors.

• TERA2: CLIENT [QUAD]: For endpoints that support four monitors.

• TERA2: HOST [DUAL]: For endpoints that support two monitors.

• TERA2: HOST [QUAD]: For endpoints that support four monitors.

5. For each setting you want to configure:

a. Enable the Set In Profile check box.

© 2019 Teradici 113

Associating a Profile with a Group

b. Perform the required configuration.

 Note: Navigating between profile settings

To navigate between profile settings, you can either use the scroll bar or select a setting category in the left
pane. Any setting followed by the restart icon indicates that the endpoint requires a restart after being
changed.

6. Click SAVE.

7. Click PROFILE in the navigation link at the top to return to the main page.

Associating a Profile with a Group

Before you can apply a profile, you must associate it with a group. Profiles can also be associated
with multiple groups.

To associate a profile with a group:

1. From the ENDPOINTS page, select the desired group.

2. Click PROFILE and then CHANGE.

3. In the Change Profile dialog, select the profile from the drop-down list and click OK.

© 2019 Teradici 114

Changing a Profile Association

4. Enable the I understand message and click OK.

 Note: Child groups will inherit their parent group's profile

Child groups with no assigned profile inherit their parent group’s profile. This rule is recursive. For example, if top-level
group A has a profile and both its child B and B’s child C do not, then B and C both use the profile assigned to A.

Changing a Profile Association

To change a profile that is assigned to a group:

1. From the ENDPOINTS page, select the desired group.

2. Click PROFILE and then CHANGE.

3. In the Change Profile dialog, select a different profile from the drop-down list and click OK.

4. Enable the I understand message and click OK.

Applying a Profile
You can apply profiles so they update endpoint settings right away (or after any currently running
scheduled actions have completed), or you can create a schedule to apply the settings in the
future.

You can apply a profile to one or more groups or endpoints from the ENDPOINTS page or you can
apply a profile to an endpoint from its ENDPOINT DETAILS page.

Applying a Profile Immediately

To force the profile to apply right away or after any currently running scheduled actions have completed:

1. From the ENDPOINTS page, select one or more groups (or one or more endpoints).

 Note: Use Shift +Click and Ctrl +Click to click elements

Use Shift +Click to select contiguous elements and Ctrl +Click to select non-contiguous elements.

© 2019 Teradici 115

Applying a Profile in the Future (Enterprise)

2. Click PROFILE and then APPLY.

3. Enable the I understand message and then click APPLY.

Applying a Profile in the Future (Enterprise)

You can also create a schedule to run at a later time in the future with PCoIP Management
Console Enterprise. For details, see Creating a Schedule.

Duplicating a Profile
The PCoIP Management Console provides an easy way to duplicate a profile when you want to
copy all the profile’s settings except for its group association.

To duplicate a profile:

1. Select the profile in the PROFILE list.

2. Click DUPLICATE.

3. Enter a unique name for the profile and click DUPLICATE.

4. Follow the instructions in Applying a Profile to associate the profile with the desired group and
choose how to apply it.

Editing a Profile
To edit a profile:

1. Select the profile in the PROFILE list.

2. Click EDIT.

3. If desired, change the Name and/or Description entries.

4. To see the group(s) to which this profile is assigned, click the small group tab that
appears to the right.

© 2019 Teradici 116

Deleting a Profile

5. To edit profile settings, choose one of the following:

• To remove all of the settings click the on the profile tab and then click REMOVE. You can
then click the + tab and configure a new profile.

• To change one or more settings, click the profile tab and make your changes, as explained
in Creating a Profile.

6. Click SAVE.

7. Click PROFILE in the navigation link at the top to return to the main PROFILE page.

8. Follow the instructions in Applying a Profile to choose how to apply the updated profile.

Deleting a Profile
To delete a profile:

1. If the profile is assigned to one or more groups, first remove the association for each group as
follows:

a. From the ENDPOINTS page, select the group to which the profile is assigned.

b. Click PROFILE and then CHANGE.

c. In the Change Profile dialog, select No Profile from the drop-down list and click OK.

d. Enable the I understand message and click OK.

2. From the PROFILE page, select the profile you wish to delete.

3. Click DELETE.

4. Enable the I confirm message and click DELETE.

Viewing Profile Details

To view profile details:

1. From the E*NDPOINTS page, select a group to which a profile is assigned.

2. Click PROFILE and then DETAILS.

© 2019 Teradici 117

Organizing Endpoints into Groups

The ENDPOINTS page enables you to organize managed endpoints into a hierarchy of parent
groups and child groups. Each group can then be associated with a profile so that its endpoints
can be updated with the same settings all at once.

When endpoints are first discovered, they appear in the UNGROUPED table if you have not created
auto configuration rules to automatically group them as part of the discovery process. The
following example shows a list of ungrouped endpoints.

The ENDPOINTS page – UNGROUPED

After creating parent groups and child groups, you can create auto configuration rules to
automatically move endpoints into a group when they are first discovered. Alternatively, you can
manually move endpoints into groups.

After an endpoint is moved to a group, either manually or automatically, it then appears in the
GROUPED table on the ENDPOINTS page. If you have created an auto naming rule to name endpoints
when they are first discovered or when they are moved between ungrouped and grouped
categories, this rule is also applied at this time.

© 2019 Teradici 118

Creating Groups

The GROUPED and UNGROUPED tabs have a endpoint count indicator showing how many endpoints
are in that state.

The following example shows a structure with endpoints in two different groups.

The ENDPOINTS page – GROUPED

Creating Groups
To create groups:

1. From the PCoIP Management Console’s top menu, click ENDPOINTS.

2. Click STRUCTURE and then NEW GROUP.

3. Select ^TOP to create a group at the top level or select the parent group under which you want
to create a child group.

4. Enter a unique name for the group (from within its group hierarchy) and click CREATE GROUP.

Moving Endpoints into Groups

You can move an endpoint either from its ENDPOINT DETAILS page or from the ENDPOINTS page.

© 2019 Teradici 119

Moving Groups

To move endpoints into groups:

1. From the ENDPOINTS page, click either the GROUPED or UNGROUPED tab.

2. Select one or more endpoints in the table.

Use Shift +Click to select contiguous elements and Ctrl +Click to select non-contiguous
elements.

3. Click STRUCTURE and then MOVE.

4. Select the desired parent group or child group, and then click MOVE TO GROUP.
If you have configured an endpoint naming convention that applies when you move endpoints
to or from a group, the endpoints may also be renamed during this procedure.

Moving Groups
To move groups:

1. From the ENDPOINTS page, click the GROUPED tab.

2. Select a group in the table.

3. Click STRUCTURE and then MOVE.

Renaming a Group
To rename a group:

1. From the ENDPOINTS page, click the GROUPED tab.

2. Select the group you want to rename.

3. Click STRUCTURE and then RENAME.

4. Enter a unique name (from within its group hierarchy) and click RENAME GROUP.

© 2019 Teradici 120

Removing a Group

 Note: Child groups will be removed and any endpoint will become ungrouped

If you remove a parent group that contains child groups or endpoints, the child groups will also be removed and any
endpoints will become ungrouped.

To remove a group:

1. From the ENDPOINTS page, click the GROUPED tab.

2. Select the group you want to remove.

3. Click STRUCTURE and then REMOVE GROUP.

4. Enable the I understand message and click REMOVE GROUP.

© 2019 Teradici 121

Auto Configuring Endpoints (Enterprise)

The PCoIP Management Console Enterprise lets you create rules to automatically move endpoints
into a specific group when they are first discovered. After discovery, you can find the endpoints in
the GROUPED table diagram on the ENDPOINTS page. If you are using PCoIP Management Console
Free, you will be able to edit existing configurations.

Displaying Auto Configuration Rules

The AUTO CONFIGURATION page contains a table showing all the auto configuration rules that are
currently configured. You can create a new rule from this page, or you can select a rule from the
table to edit or delete it. The ON/OFF switch at the top of the page lets you globally enable or
disable all rules at once.

 Switching auto configuration rules on and off

The AUTO CONFIGURATION page has a global auto configuration ON/OFF switch that is located above the table. Auto
configuration rules become active when this switch is set to ON. However, the rules are only applied to endpoints
when the devices are first discovered. If the global auto configuration setting is switched on after discovery, your rules
will have no effect. For this reason, it is important to set up your rules before enabling discovery of the endpoints to
which the rules would apply.

© 2019 Teradici 122

Creating an Auto Configuration Rule

AUTO CONFIGURATION page and switch button

Creating an Auto Configuration Rule

 Help

Click the ? button beside each field for help with any of the settings.
The LAST UPDATED column displays the last time the Auto Cofiguration rule has been updated.

To create an auto configuration rule:

1. From the PCoIP Management Console’s top menu, click AUTO CONFIGURATION.

2. Click NEW RULE and configure the rule as follows:

• Rule Criteria: Select the criteria your auto configuration rule is based on:

• IP ADDRESS: Click ADD, enter the IPv4 address range of the endpoints you want to
place in the group, and then click OK. The address range can encompass an entire
class A network, that is, from x.0.0.0 to x.255.255.255.

 Example field displays endpoint name format

The Example Name field at the bottom of the page displays the endpoint name format based on your
global naming convention. See Creating a Global Endpoint Naming Convention.

• PASSWORD: Enter the endpoints password. Endpoints with matching passwords will be
auto configured

© 2019 Teradici 123

Creating an Auto Configuration Rule

• GENERIC TAG: Enter the endpoints Generic Tag. Endpoints with a matching Generic Tag
label will be auto configured

© 2019 Teradici 124

Creating an Auto Configuration Rule

• Group: Click in this field, select the desired pre-configured group, and then click OK.

• Rule Values: Enter the specific values required by the Rule Criteria.

• Request Certificate: Select to automatically retrieve a Simple Certificate Enrollment Protocol (SCEP) digital certificate from a SCEP server.

• Move to Group Only (Enterprise): Groups the discovered endpoints and not apply a profile or firmware to them. This permits endpoints to be discovered at any time, and
allows a profile application to be scheduled through the Management Console Schedule for a time that would be more convenient for a user.

• Click SAVE.

Creating overlapping or conflicting rules is not allowed

The PCoIP Management Console will prevent you from creating overlapping or conflicting rules. You will be required to resolve any problems before the rule can be
created.

• Click AUTO CONFIGURATION in the navigation link at the top to return to the main AUTO CONFIGURATION page.

• If you want the rule to apply right away, make sure the global auto configuration setting is switched to ON.

© 2019 Teradici 125

Viewing or Editing an Auto Configuration Rule¶

To view or edit an auto configuration rule:

1. Select the rule in the AUTO CONFIGURATION list.

2. Click EDIT to view or edit the rule.

3. Make desired changes.

4. Click SAVE.

5. Click AUTO CONFIGURATION in the navigation link at the top to return to the main page.

Deleting an Auto Configuration Rule¶

To delete an auto configuration rule:

1. Select the rule in the AUTO CONFIGURATION list.

2. Click DELETE.

3. Click DELETE again at the confirmation message.

© 2019 Teradici 126

Auto Naming Endpoints

The ENDPOINT NAMING page lets you construct a naming format for endpoints by selecting
endpoint attributes to include in the name and entering a custom prefix and postfix to the name if
desired. For example, you can create a name that begins with your prefix text, followed by the
endpoint’s PCoIP Management Console parent group or child group name, followed by the
endpoint’s MAC address or endpoint label, and ends with your postfix text.

The names created from these settings are visible from the ENDPOINTS and ENDPOINT DETAILS
pages. They are only used with the PCoIP Management Console and are not available from the
endpoint’s AWI or OSD.

Each time you change a setting as you configure the naming convention, the Example Name field at
the bottom of the page updates to show the format you have created. When you have finished
constructing the name, you then choose when the name should be applied.

You can configure auto naming by clicking SETTINGS from the PCoIP Management Console’s top
menu and then clicking the NAMING menu in the left pane.

Creating a Global Endpoint Naming Convention

 Note: Help with settings

Click the ? button beside each field for help with any of the settings.

To create a global endpoint naming convention:

1. From the PCoIP Management Console’s top menu, click SETTINGS.

2. In the left pane, click NAMING.

3. Configure the endpoint name format as follows:

• Endpoint Name: Select whether to incorporate the endpoint’s current unique ID (that is, its
MAC address) or its endpoint label (for example, pcoip-portal-) into the endpoint name.

• Prefix: Enter any text you wish to prepend to the name.

© 2019 Teradici 127

Creating a Global Endpoint Naming Convention

• Group Naming: Select whether to add the endpoint’s group name and/or immediate child
group name after the prefix.

• Postfix: Enter any text you wish to append to the name.

4. In the Rename Endpoints when field, select whether to apply the name when the endpoint is
first discovered, or any time it is moved between groups or between a grouped and ungrouped
category.

5. Click SAVE.

© 2019 Teradici 128

Requesting Endpoint Certificates Using SCEP (Enterprise)

Requesting Endpoint Certificates Using SCEP

(Enterprise)

Simple Certificate Enrollment Protocol (SCEP) lets you simplify the retrieval and installation of
digital certificates by enabling devices to obtain certificates automatically from a SCEP server.

 Important: SCEP not supported on PCoIP Remote Workstation Cards

PCoIP Remote Workstation Cards cannot obtain a SCEP certificate from the PCoIP Management Console.

 Tip: Organize endpoints into groups

Before you create an endpoint certificate, organize your endpoints into groups. See Organizing Endpoints into Groups.

 Info: REQUEST CERTIFICATE option not enabled

Your zero client must belong to the group defined in your SCEP certificate rule before the REQUEST CERTIFICATE
option is enabled.

 Info: View certificate information

PCoIP Management Console Enterprise Edition release 2.5+ users can reference SCEP certificate information
displayed on the dashboard. This window is limited to SCEP issued certificates.

To create an endpoint certificate rule:

1. Click ENDPOINT CERTIFICATES to display the CERTIFICATE MANAGEMENT window.

2. Click NEW CERTIFICATE RULE.

3. In the Groups field, click ADD to add a group that was set up on the ENDPOINTS page. If required,
you can remove a group by highlighting it and clicking REMOVE.

4. In the Server URI, field, type the Uniform Resource Identifier (URI) of the SCEP server that is
configured to issue certificates for the group.

5. In the Server Password field, type the password for the SCEP server.

© 2019 Teradici 129

Requesting Endpoint Certificates Using SCEP (Enterprise)

6. In the CA Identifier field, type the certification authority issuer identifier if your SCEP server
requires it (the CA Identifier is supported for devices running firmware 5.4 or later). A CA
Identifier is any string that is understood by the SCEP server (for example, a domain name).

7. In the Use Certificate for 802.1X field, select True to configure 802.1x on the endpoint with SCEP
certificates.

 Info: Tera2 zero clients and 802.1X

Tera2 zero clients can be configure to use 802.1x with SCEP certificates, and have the endpoint present this
certificate to the 802.1x authenticator.

8. Tera2 zero clients support 802.1X authentication, which prevents unauthorized devices from
gaining access to local area networks (LANs).

9. Click SAVE.

To view an endpoint certificate rule:

1. Click ENDPOINT CERTIFICATES to display the CERTIFICATE MANAGEMENT window.

2. Click VIEW to review the details of an endpoint certificate rule.

3. If there is more than one endpoint certificate rule, click PREV or NEXT to view additional
certificate rules.

To edit an endpoint certificate rule:

1. Click ENDPOINT CERTIFICATES to display the CERTIFICATE MANAGEMENT window.

2. Highlight a certificate rule that you want to edit.

3. Click EDIT to revise an endpoint certificate rule.

To delete an endpoint certificate rule:

1. Click ENDPOINT CERTIFICATES to display the CERTIFICATE MANAGEMENT window.

2. Highlight a certificate rule that you want to delete.

3. Click DELETE to delete an endpoint certificate rule.

4. In the DELETE CERTIFICATE RULE dialog box, click DELETE.

© 2019 Teradici 130

Managing Schedules (Enterprise)

The PCoIP Management Console Enterprise lets you create schedules that are configured to run
either once, at a certain date and time, or repeatedly, over a specified time frame and at a specified
frequency. In this release, you can create schedules to apply a profile to one or more groups of
endpoints, to power down one or more groups of endpoints, or to perform a power reset on one or
more groups of endpoints.

Displaying Schedule Information

All configured schedules are displayed on the PCoIP Management Console’s SCHEDULES page. You
can view information about schedules that have previously run by clicking the HISTORY tab. Any
configured schedules that have yet to run are also displayed on the PCoIP Management Console
dashboard in its UPCOMING SCHEDULES area.

SCHEDULES Page
This page contains a table showing all the schedules that are currently configured for the PCoIP
Management Console. You can create a new schedule from this page, or you can select a

schedule from the table to view, edit, or delete. The All Schedules ON/OFF switch at the
top of the page lets you globally enable or disable all schedules at once.

SCHEDULES Page

© 2019 Teradici 131

HISTORY Page

HISTORY Page
The HISTORY page provides a list of schedules that have previously run, along with pertinent
information about each one. All scheduled and manual activities will appear in the schedule history
(for example, profile applications, power downs and resets).

 Note: Unscheduled events do not appear in schedule history

Events that are not scheduled, for example, profile updates driven by auto-configuration, do not appear in the schedule
history.

HISTORY Page

© 2019 Teradici 132

Creating a Schedule

 Note: Help with settings

Click the ? button beside each field for help with any of the settings.

To create a schedule:

1. From the PCoIP Management Console’s top menu, click SCHEDULE.

2. Click NEW SCHEDULE.

3. Configure the settings as follows:

• Type: Select the type of schedule.

 Caution: Using the Skip reboot when applying profile on endpoints check box

This option allows you to push the profile but skip rebooting the endpoint. However, for new firmware to
take affect, or for some settings to be applied, your endpoint must be rebooted.

• Name: Enter a unique name for the schedule.

• Description: Enter a description for the schedule.

• Enabled: Toggle the status to ON.

• Groups: Click ADD, select one or more groups, and then click ADD again. The schedule will
operate on all the endpoints in any group you select. Use Shift +Click to select
contiguous elements and Ctrl +Click to select non-contiguous elements.

• Scheduled Time Zone: Select the time zone for the start and end times when you want the
schedule to run.
For ease of management, set the time zone to the same time zone where the endpoint(s)
are located. The schedules table will show the schedule in the timezone that was selected
and in the Management Console users timezone.

• Start Time: Click the time zone widget and select the desired date, then click the clock
widget below the calendar and select the desired time.

• Recurrence: Select whether the schedule will run once or if it will recur over a period of
time. If it is recurring, you must also select end date and time and frequency information.

© 2019 Teradici 133

Creating a Schedule

4. Click SAVE.

5. Click SCHEDULE in the navigation link at the top to return to the main page.

© 2019 Teradici 134

Viewing Schedule Details

To view schedule details:

1. From the table on the SCHEDULES page, select the schedule you wish to view.

2. Click VIEW.

3. If desired, you choose to view the previous or next schedule in the list, or you can click EDIT to
edit the schedule.

4. Click SCHEDULE in the navigation link at the top to return to the main page.

Editing a Schedule
To edit a schedule:

1. From the table on the SCHEDULES page, select the schedule you wish to edit.

2. Click EDIT.

3. Change the schedule’s settings as desired.

4. Click SAVE.

5. Click SCHEDULE in the navigation link at the top to return to the main page.

Deleting a Schedule
To delete a schedule:

1. From the table on the SCHEDULES page, select the schedule you wish to delete.

2. Click DELETE.

3. At the message prompt, click DELETE.

© 2019 Teradici 135

Hiding OSD Menus

The PCoIP Zero Client can be further secured by hiding certain OSD menu options. This
configuration can not be done from the PCoIP Zero Client OSD or AWI. An administrator can
choose to hide all OSD menu items, all selections within the OSD Options menu, or individual
selections within the OSD Options menu.

To hide OSD menu items on a PCoIP Zero Client, use the PCoIP Management Console and apply a
profile with the desired menues hidden.

The profile settings that hide menus are found under the profile SECURITY section. Select the
Hidden OSD Menu Entries, and enable one or all of the following options:

• All Menus

• Options

• Options/Configuration

• Options/Diaginostics

• Options/Information

• Options/User Settings

• Options/Password

© 2019 Teradici 136

Hiding OSD Menus

© 2019 Teradici 137

PCoIP Management Console Remote Endpoint Management (Enterprise)

PCoIP Management Console Remote Endpoint

Management (Enterprise)

The PCoIP Management Console must be licensed with a trial or enterprise license to use remote
device management. See Managing Licenses Online in the administrators' guide for more
information on licensing. You will also need to deploy a reverse proxy and ensure the network
connection between the PCoIP Management Console and the remote endpoint has a latency of
approximately 100ms or less.

 Tip: How the PCoIP Management Console determines if an endpoint is local or remote.

The PCoIP Management Console will treat an endpoint as a local endpoint except when it is: * explicitly connecting to
the external interface of the PCoIP Management Console * determined to be behind a reverse proxy * behind a NAT
and has a different internal IP address from its external IP address. The PCoIP Management Console determines if an
endpoint is behind a reverse proxy by inspecting the websocket upgrade header for the presence of X-Forwarded-For,
X-Real-IP or Forwarded information.

Administration of remote endpoints requires the configuration of the proxy, the PCoIP
Management Console, and the remote endpoint. Each configuration can be found in the following
topics:

Configuring PCoIP Management Console Remote Management

Reverse Proxy Configuration

© 2019 Teradici 138

PCoIP Management Console Remote Endpoint Management (Enterprise)

Connecting to a Remote Endpoint

© 2019 Teradici 139

Reverse Proxy Configuration

For remote administration of PCoIP endpoints to work, the reverse proxy must be accessible by
the remote devices and by the PCoIP Management Console. Typically reverse proxy will be
installed in the DMZ of the network.

For remote administration of PCoIP endpoints, the reverse proxy must meet the following
requirements.

• It must be able to proxy the WebSocket protocol. The WebSocket protocol is used for
communication between the endpoint and the Management Console.
Encrypted websocket connections have a wss:// preceeding the FQDN.

• It must be configured with a publicly accessible address.

This same address is entered in the PCoIP Management Console External Address field on the
REMOTE CONFIGURATION page, in SETTINGS > REMOTE.

• It must have communication port TCP 5172 open in both directions.

• It must have a certificate with its private key added to its configuration.
The reverse proxy must have a certificate with its private key added to its configuration. Use
the SHA256 fingerprint from the reverse proxy certificate in the PCoIP Management Console
External Certificate Fingerprint field on the REMOTE CONFIGURATION page, in SETTINGS >
REMOTE.

Teradici has provided a sample configuration using nginx for a reverse proxy, and is provided as-is,
with no warranty. This sample configuration resides on the nginx proxy server.

© 2019 Teradici 140

Configuring PCoIP Management Console Remote Management

Configuring PCoIP Management Console Remote

Management

Remote Endpoint Management works by requiring a reverse proxy in the DMZ of the network and
is configured by accessing the REMOTE CONFIGURATION page located by browsing PCoIP
Management Console SETTINGS > REMOTE. Here you will find four configurable settings.

• Internal Address: Here you enter the internally published FQDN or IP address of the PCoIP
Management Console. This is how "local" devices access the PCoIP Management Console.

• External Address: This address will lead to the reverse proxy. In this field you will enter the
externally published FQDN or IP address of the PCoIP Management Console. This is how
"remote" devices will access the PCoIP Management Console.

• External Certificate Fingerprint: Enter the Reverse Proxy Server's certificate SHA-256 fingerprint.
Endpoints may require the fingerprint of the certificate used for external access to the PCoIP
Management Console. This is usually the certificate fingerprint of the reverse proxy.

• Local IP Address Ranges: Here you enter the IPv4 address ranges used within the corporate
network. This will enable the PCoIP Management Console to identify local devices as opposed
to remote devices.

Once your remote devices have checked in with the PCoIP Management Console, you can view the
ENDPOINTS page, and see that the IPv4 ADDRESS column will show the IP address of the
endpoint as seen by the PCoIP Management Console. In the case of a remote endpoint, this will be
the public IP address.

The INTERNAL IPv4 column will show the address assigned to the endpoint itself. In the case of a
remote endpoint this will be the address assigned by the NAT or DHCP server of the remote
endpoint.

The CONNECTED BY column will display either REMOTE or LOCAL based on where in the network
the endpoint is in relation to the PCoIP Management Console

© 2019 Teradici 141

Connecting to a Remote Endpoint

The remote endpoint must be configured with the external address of the reverse proxy.
Depending on the configuration of the zero client this can be done by either configuring and
uploading the required certificates onto the zero client via the AWI, or by creating an external DNS
entry for the Proxy server via the zero client OSD.

Connecting to a Remote Endpoint from OSD

This is the recommended method which requires the OSD be accessible and the end user knows
the password, and that there is a properly configured public DNS server that will provide the
address of the reverse proxy and the SHA256 certificate fingerprint of the reverse proxy to the
endpoint. (Configuring DNS SRV Record Discovery)

1. From your zero client OSD, navigate to Options > Configuration > Network.

2. Unlock your zero client and un-check Enable DHCP (do not modify any other information)

3. In the Domain Name field enter the domain name of the domain you created the DNS entry in.

4. Select OK, you will be prompted to reset the zero client, select Reset to restart your zero client.

The zero client will restart and it will reach out to the specified domain name based on your
recently configured DNS SRV and DNS TXT records which will reach your configured reverse proxy
server. The reverse proxy server will pass the connection to the PCoIP Management Console. The
zero client will now show up in your Ungrouped devices tab after a short period of time. This can
be verified by viewing the MANAGEMENT page from the OSD screen by navigating to Options >
Configuration > Management.

Connecting to a Remote Endpoint via AWI

This method requires the AWI be enabled and accessible on the zero client, and the zero client
user knows the AWI password.

1. From the zero client AWI navigate to Configuration > Management.

© 2019 Teradici 142

Connecting to a Remote Endpoint via AWI

2. Set the Manager Discovery Mode to Manual and enter in the address of the reverse proxy into
the Endpoint Bootstrap Manager URI.

3. Install the certificate of the reverse proxy into the endpoint via the Certificate Upload page, by
navigating the AWI to Upload > Certificate. See Managing PCoIP Management Console
Certificates.

© 2019 Teradici 143

Endpoints Page Overview

The actions you can perform from the ENDPOINTS page are listed in the following table.

ENDPOINTS Page Features

Menu Action

Toggles to display the following:

• Expand top-level and parent groups to display all child level groups and endpoints.
• Collapse the group hierarchy and display only top-level groups.

Displays on the GROUPED table and provides the following menus:

• DETAILS: View details about a profile assigned to a group. See Viewing Profile Details.
• CHANGE: Change the profile assigned to a group. See Changing a Profile Association.
• APPLY: Apply a profile to a group. See Applying a Profile.

Provides the following menus:

• MOVE: Move endpoints or groups to a group. See Moving Endpoints into Groups.
• RENAME: Rename a group or endpoint. See Renaming a Group.
• NEW GROUP: Create a new group. Creating Groups
• REMOVE GROUP: Remove a group. Removing a Group.

Provides the following menus:

• DETAILS: View details about an endpoint. See Using the ENDPOINT DETAILS Page.
• POWER DOWN: Power down one or more endpoints. See Powering Down PCoIP Zero
Clients.
• POWER RESET: Reset (reboot) one or more endpoints. See Resetting PCoIP Zero
Clients
• RESET TO DEFAULT: Reset endpoint properties to their default values. See Resetting
Endpoint Properties to Their Defaults.
An endpoint reboot may be needed
If the endpoint properties have not been reset to their default values, then an endpoint
reboot will be required.
• DELETE: Remove one or more endpoints from the PCoIP Management Console. See
Deleting Endpoints.

Lets you manually discover endpoints by their IP address. See Discovering Endpoints
Manually from PCoIP Management Console.

© 2019 Teradici 144

Endpoints Page Overview

Menu Action

Lets you search for one or more endpoints in the endpoint table. See Searching an
Endpoint Table.

Lets you create and manage filters to display only specified endpoints. See Filtering
the Endpoint List.

Refreshes the endpoint table with the current configuration.

 Click REFRESH after completing a manual discovery

The endpoint table does not refresh automatically. Click REFRESH after completing a manual discovery and any time
you do not see an endpoint that you expect to be there.

© 2019 Teradici 145

Displaying Endpoint Properties

The ENDPOINTS page, displayed next, contains GROUPED and UNGROUPED tables for displaying
the endpoints in your system that are managed by the PCoIP Management Console.

View of the ENDPOINTS page

Selecting Endpoint Properties to Display

Properties are ordered in the sequence you select them. You can rearrange a column by manually
dragging the column heading to the desired position. You can also sort endpoints in ascending or
descending order based on column contents by clicking on the column heading. Endpoints that
occur in groups are sorted within their group.

You can choose to display the following properties:

© 2019 Teradici 146

Selecting Endpoint Properties to Display

Endpoint Properties

Property Information Grouped Ungrouped MC

Enterprise
Only

AUTO Displays an endpoint’s auto configuration 

CONFIGURATION status.
STATUS
Possible values:

• NO PROFILE
• NOT STARTED
• AUTOCONFIG DISABLED
• FAILED DHCP OPTION GROUP NOT FOUND
• FAILED DHCP OPTION RULE NOT FOUND
• FAILED DHCP OPTION BEHAVIOR NONE
• FAILED DHCP OPTION MATCHING DISABLED
• FAILED IP RANGE CHECK
• FAILED UNKNOWN ERROR
• ADDED TO DHCP OPTION GROUP
• ADDED TO GROUP
• PENDING PROFILE APPLICATION
• FAILED PROFILE APPLICATION IN PROGRESS
• FAILED PROFILE APPLICATION
• COMPLETED

© 2019 Teradici 147

Selecting Endpoint Properties to Display

Property Information Grouped Ungrouped MC

Enterprise
Only

APPLY PROFILE Displays the status of endpoint’s profile update. 

Possible values:

• NO PROFILE
• NOT STARTED
• IN PROGRESS
• COMPLETED
• FAILED
• PENDING REBOOT
• FAILED OFFLINE
• FAILED PENDING REBOOT TIMEOUT
• SKIPPED NO REBOOT
• SKIPPED

Some common reasons for the 'skipped' status

is if the endpoint is already configured with the
profile settings or if its group does not have an
assigned profile.

CERTIFICATE Displays the date the SCEP certificate will  

EXPIRY DATE expire and become not valid.

Possible values:

• NO PROFILE
• CERTIFICATE EXPIRY DATE

CERTIFICATE Displays the SCEP certificate subject name.  

NAME
Possible values:

• NO PROFILE
• CERTIFICATE NAME

© 2019 Teradici 148

Selecting Endpoint Properties to Display

Property Information Grouped Ungrouped MC

Enterprise
Only

CERTIFICATE RULE Displays the SCEP certificate rule assigned to a 

group. This rule defines the SCEP SERVER
address and password that an Endpoint can
use to request a SCEP certificate. You can
create a certificate rule from the ENDPOINT
CERTIFICATE tab.

Possible values:

• NO PROFILE
• RULE NAME

CERTIFICATE Displays the date the SCEP certificate becomes  

START DATE valid.

Possible values:

• NO PROFILE
• DATE

CERTIFICATE Displays the status of the SCEP certificate.  

STATUS
Possible values:
(Zero Client only)

• NO PROFILE
• Active
• About To Expire
• Expiring Today
• Expired
• Not Requested

CLEAR Indicates if devices now have all management 

MANAGEMENT settings cleared and set back to a default state.
STATE

© 2019 Teradici 149

Selecting Endpoint Properties to Display

Property Information Grouped Ungrouped MC

Enterprise
Only

CONNECTED BY Identifies where in the deployment the PCoIP   

endpoint is placed.

Possible Values:

• NO PROFILE
• Local
• Remote

DENIED Indicates whether or not the PCoIP  

Management Console has enough licenses to
manage all the discovered endpoints.

Possible values:

• NO PROFILE
• True: The endpoint is denied (that is, it cannot be
managed) because a license is not available for
it.
• False (displays as a blank in the column): The
endpoint is not denied and can be managed.

DEVICE Displays the PCoIP Device Description text 

DESCRIPTION located on the endpoints AWI Label page.

Possible values:

• any text string

© 2019 Teradici 150

Selecting Endpoint Properties to Display

Property Information Grouped Ungrouped MC

Enterprise
Only

DEVICE STATUS Indicates whether or not an endpoint is  

connected to the PCoIP Management Console
and if it is in a PCoIP session with another
PCoIP software or hardware endpoint.

Possible values:

• NO PROFILE
• Offline
• Out of Session (online)
• In Session (online)
• In Recovery (online)

DEVICE STATUS is a combination of the

previous ONLINE and IN SESSION properties.

DISPLAY TYPE Displays the maximum number of monitors an  

endpoint supports.

Possible values for a Tera2 PCoIP Zero Client and

Remote Workstation Card:

• NO PROFILE
• Dual: The endpoint supports up to two monitors.
• Quad: The endpoint supports up to four
monitors.

ENDPOINT Displays information about the Teradici family  

DESCRIPTION and endpoint type for the endpoint.

ENDPOINT Displays the endpoint’s PCoIP family. In this  

PLATFORM release, only endpoints that support the Tera2
platform can be managed by the PCoIP
Management Console.

Possible values:

• NO PROFILE
• TERA2

© 2019 Teradici 151

Selecting Endpoint Properties to Display

Property Information Grouped Ungrouped MC

Enterprise
Only

ENDPOINT TYPE Displays the endpoint type.  

Possible values:

• NO PROFILE
• Client
• Host

FIRMWARE BUILD Lists the firmware build number in use on the  

ID PCoIP endpoint.

Possible values:

• NO PROFILE
• FIRMWARE BUILD ID

FIRMWARE Displays the status of an endpoint’s power reset 

POWER RESET after updating its firmware.

Possible values:

• NO PROFILE
• NOT STARTED
• IN PROGRESS
• COMPLETED
• FAILED
• SKIPPED
FAILED PENDING REBOOT TIMEOUT
• SKIPPED NO REBOOT
• PENDING REBOOT
• SKIPPED
One common reason for the 'skipped' status is
if a firmware update failed for the endpoint. In
this case, the power reset would not occur
either.

© 2019 Teradici 152

Selecting Endpoint Properties to Display

Property Information Grouped Ungrouped MC

Enterprise
Only

FIRMWARE Displays the status of an endpoint’s firmware 

UPLOAD upload.

Possible values:

• NO PROFILE
• NOT STARTED
• IN PROGRESS
• COMPLETED
• FAILED
• FAILED OFFLINE
• PENDING REBOOT TIMEOUT
• SKIPPED

One common reason for the 'skipped' status is

if the endpoint is already running the specified
firmware version.

FQDN Displays an endpoint’s fully-qualified domain  

name.

Possible values:

• NO PROFILE
• FQDN

GENERIC TAG Displays the Generic Tag text located on the 

endpoints AWI Label page.

Possible values:

• any text string

© 2019 Teradici 153

Selecting Endpoint Properties to Display

Property Information Grouped Ungrouped MC

Enterprise
Only

GET ALL SETTINGS Displays an endpoint’s polling status. 

Possible values:

• NO PROFILE
• NOT STARTED
• IN PROGRESS
• COMPLETED
• FAILED
• FAILED OFFLINE

IPv4 ADDRESS Possible values:  

• NO PROFILE
• IP ADDRess

Displays an endpoint's IPv4 address

INTERNAL IPv4 Displays an endpoint's IPv4 address for the   

network the endpoint is part of. For remote
endpoints, this will be their internal network
addresses.

Possible values:

• NO PROFILE
• IPv4 ADDRESS

LAST POLLED Displays the last date and time that the PCoIP  
Management Console polled an endpoint for its
status and configuration information. The
PCoIP Management Console’s polling interval is
60 minutes.

Possible values:

• NO PROFILE

© 2019 Teradici 154

Selecting Endpoint Properties to Display

Property Information Grouped Ungrouped MC

Enterprise
Only

MAC ADDRESS Displays an endpoint’s MAC address.  

Possible values:

• NO PROFILE

OSD LOGO Displays the status of an endpoint’s OSD logo 

bitmap file update to the endpoint’s On Screen
Display (OSD).

Possible values:

• NO PROFILE
• NOT STARTED
• IN PROGRESS
• COMPLETED
• FAILED
• SKIPPED

One common reason for the 'skipped' status is

if the endpoint already has the OSD logo
configured.

PEER If a peer is configured for an endpoint, it's IP   

address is shown in the column.

Possible values:

• NO PROFILE
• PEER IP ADDRESS

PROFILE Appears next to a group to display the profile 

assigned to it.

Possible values:

• NO PROFILE
• PROFILE NAME

© 2019 Teradici 155

Selecting Endpoint Properties to Display

Property Information Grouped Ungrouped MC

Enterprise
Only

PROFILE Indicates whether or not an endpoint’s current 

COMPLIANCE known configuration differs from the PCoIP
Management Console profile assigned to the
endpoint’s group.

Possible values:

• NO PROFILE
• Compliant: the endpoint matches the profile
• Non-compliant: the endpoint does not match the
profile
• Unknown: the MC cannot determine, or is in the
process of determining if the endpoint matches
the profile
• No profile: there is no profile to compare the
endpoint to

PROFILE POWER Displays the status of an endpoint’s power

RESET reset.

Possible values:

• NO PROFILE
• NOT STARTED
• IN PROGRESS
• COMPLETED
• FAILED

© 2019 Teradici 156

Selecting Endpoint Properties to Display

FAILED PENDING REBOOT TIMEOUT

• SKIPPED NO REBOOT
• PENDING REBOOT
• SKIPPED
One common reason for the 'skipped' status is if a profile update failed or skipped for the endpoint. In this case, the power reset would not occur.  RESET TO
DEFAULT COLUMNS Resets the table to display the default columns.

Possible values:

• NO PROFILE

  SERIAL NUMBER All endpoints provide there serial numbers to the PCoIP Management Console endpoints table. The serial number can also be exported into
the Inventory Report.

Possible values:

• NO PROFILE
• SERIAL NUMBER

  SOFTWARE VERSION Firmware file name used in the PCoIP firmware build minus the build number.

Possible values:

• NO PROFILE

  UNIQUE ID Displays an endpoint’s MAC address delimited with hyphens instead of colons. This field can be incorporated into the automatic naming convention
for endpoints.

Possible values:

• NO PROFILE
• ENDPOINT MAC ADDRESS



© 2019 Teradici 157

Using the ENDPOINT DETAILS Page

The ENDPOINT DETAILS page displays complete configuration and status information for the
selected endpoint.

It contains menu options that enable you to perform the following actions:

• Open the endpoint’s profile in edit mode

• Apply the profile to the endpoint right away

• Move the endpoint to a group

• Rename the endpoint

• Power down the endpoint

• Reset (reboot) the endpoint

• Clear the management state of the endpoint

• Request Certificate

• Access the endpoint’s web interface

• Refresh

 Info: No data from the endpoint

In cases such as restoring a database, the PCoIP Management Console must first poll the online endpoint before it
can display the endpoint details information.

© 2019 Teradici 158

Displaying Endpoint Details

To display endpoint details:

1. From the PCoIP Management Console’s top menu, click ENDPOINTS.

2. In either the GROUPED or UNGROUPED table, select the desired endpoint.

3. Click ENDPOINT and then DETAILS.

Opening an Endpoint’s Profile

To open an endpoint profile:

1. From the ENDPOINT DETAILS page, click PROFILE.

2. Click DETAILS to open the endpoint’s profile in edit mode.

Applying a Profile to an Endpoint

You can update an endpoint by applying a profile from the ENDPOINTS page or the ENDPOINT
DETAILS page. This applies the profile right away or after any currently running scheduled actions
for this endpoint have completed.

© 2019 Teradici 159

Moving an Endpoint

To apply a profile to an endpoint:

1. From the ENDPOINTS page, select the endpoint.

2. Click PROFILE > APPLY.

Moving an Endpoint
You can move an endpoint to a group either from the ENDPOINTS page or the ENDPOINT DETAILS
page.

To move an endpoint:

1. From the ENDPOINT DETAILS page, click STRUCTURE and then MOVE.

2. Select the desired parent group or child group, and then click MOVE TO GROUP.

Renaming an Endpoint
You can rename an endpoint either from the ENDPOINTS page or the ENDPOINT DETAILS page.

To rename an endpoint:

1. From the ENDPOINT DETAILS page, click STRUCTURE and then RENAME.

2. Enter a unique name for the endpoint (from within its group hierarchy) and click RENAME
ENDPOINT.

 Note: Auto naming endpoints

If you have configured a global naming convention for endpoints that applies when they move to or from a group, this
overrides any manually configured endpoint name. If you then move the endpoint into or out of a group, the automatic
naming rule will apply. See Auto Naming Endpoints.

© 2019 Teradici 160

Powering Down a PCoIP Remote Workstation Card

 Caution: PCoIP Remote Workstation Cards

Remote workstation cards cannot be powered down or reset by the PCoIP Management Console as they need the
host PC to be restarted. An alternate method of restarting the host PC is required to restart the host PC.

Powering Down a PCoIP Zero Client

The POWER DOWN option causes a PCoIP zero client to power down right away, or after any
currently running scheduled actions for this endpoint have completed. You can power down an
PCoIP zero client either from the ENDPOINTS page or the ENDPOINT DETAILS page.

To power down an endpoint:

1. From the ENDPOINT DETAILS page, click ENDPOINTS and then POWER DOWN.

2. Click OK at the message prompt.

Power Resetting a PCoIP Zero Client

The POWER RESET option causes a PCoIP zero client to reset (reboot) right away, or after any
currently running scheduled actions have completed. You can reset a PCoIP zero client either from
the ENDPOINTS page or the ENDPOINT DETAILS page.

To reset an endpoint:

1. From the ENDPOINT DETAILS page, click ENDPOINTS and then POWER RESET.

2. Click OK at the message prompt.

Resetting Endpoint Properties to Their Defaults

The RESET TO DEFAULT option causes an endpoint to reset to its default configuration right away, or
after any currently running scheduled actions have completed. You can reset an endpoint to its
default configuration either from the ENDPOINTS page or the ENDPOINT DETAILS page.

© 2019 Teradici 161

Clearing the Management State of the Endpoint

 Caution: PCoIP Remote Workstation Cards settings requiring power reset

Resetting remote workstation cards to default settings requires the card to be power reset which is done by restarting
the host PC. The PCoIP remote workstation card cannot be powered down or reset by the PCoIP Management
Console as they need the host PC to be restarted. If using the RESET TO DEFAULT on a host endpoint, you will need an
alternate method of restarting the host PCfor the setting to take affect.

To reset endpoint properties to their defaults:

1. From the ENDPOINT DETAILS page, click ENDPOINTS and then RESET TO DEFAULT.

2. Click OK at the message prompt.

3. If the endpoint does not reboot after the reset to default command completes, reboot the
endpoint either manually or from the PCoIP Management Console using the POWER RESET
command.

Clearing the Management State of the Endpoint

The PCoIP Management Console allows you to place the endpoint in an unmanaged state
allowing the endpoint to be managed by another PCoIP Management Console or a compatible
management tool of your choice.

To clear the management state of an endpoint:

1. From the ENDPOINT DETAILS page, click ENDPOINTS and then CLEAR MANAGEMENT STATE.

Request Certificate (zero clients only)

The REQUEST CERTIFICATE option only applies to zero clients and is an active option when your
zero client is in the group defined in your SCEP configuration.

To request a SCEP certificate:

1. Requesting Endpoint Certificates Using SCEP (Enterprise)

2. From the ENDPOINT DETAILS page, click ENDPOINTS and then REQUEST CERTIFICATE.

© 2019 Teradici 162

Peering Endpoints (ENTERPRISE)

PCoIP Management Console allows the option of peering a specific zero client with a
predetermined remote workstation card. This is done using the PEER and UNPEER options found
on the Endpoint DETAILS page. UNPEER is enabled when a host endpoint is selected prior to
reaching the DETAILS page.

To peer a client and a host endpoint:

1. From the ENDPOINT page, highlight the endpoint you want to peer with.

2. From the ENDPOINT DETAILS page, click PEER.

3. Click OK at the message prompt.

 Caution: UNPEER behaviour on endpoints

When unpeered, the host card will accept connections from any peer and the PCoIP zero client will continue to have
the host IP configured until a session configuration change is made to that zero client.

To unpeer a client and a host endpoint:

1. From the ENDPOINT DETAILS page of a PCoIP remote workstation card, click ENDPOINTS and
then UNPEER.

2. Click OK at the message prompt.

 Info: Unpeer option

You can only unpeer a client from a remote workstation card. The UNPEER option is disabled on the zero client
ENDPOINT DETAILS page.

Deleting an Endpoint
See Deleting Endpoints.

© 2019 Teradici 163

Accessing an Endpoint’s AWI

From the ENDPOINT DETAILS page click WEB INTERFACE to open the endpoint’s AWI in a browser to
configure the endpoint directly.

 Info: Network

If you do not have network access to the AWI, then the link won't work.

For information about the AWI, please see Tera2 PCoIP Zero Client Firmware Administrators’
Guide or the Tera2 PCoIP Remote Workstation Card Firmware Administrators’ Guide.

Refreshing an Endpoint
Click Refresh will display the correct information for anything listed on that page for that particular
endpoint. This may take several minutes to complete.

© 2019 Teradici 164

Performing Power Management

The ENDPOINTS page provides menu options to let you power down and reset PCoIP zero clients
from the PCoIP Management Console. These actions are performed on one or more individual
PCoIP zero clients and occur as soon as you apply them from the ENDPOINTS menu, or after any
currently running scheduled actions for this PCoIP zero client have completed. Alternatively, you
can create a schedule to power down or reset one or more groups of PCoIP zero clients in the
future. See [Creating a Schedule](managing_schedules.md#creating-a-schedule.

 Caution: PCoIP Remote Workstation Cards

Remote workstation cards cannot be powered down or reset by the PCoIP Management Console as they need the
host PC to be restarted. An alternate method of restarting the host PC is required.

Powering Down PCoIP Zero Clients

The POWER DOWN option causes an zero client to power down right away, or after any currently
running scheduled actions have completed. You can power down PCoIP zero clients either from its
ENDPOINT DETAILS page or from the ENDPOINTS page.

 Info: Remote Workstation Cards

This option does not apply to Remote Workstation Cards which obtains its power from the host PC motherboard.

To power down PCoIP zero clients:

1. From the PCoIP Management Console’s top menu, click ENDPOINTS.

2. In either the GROUPED or UNGROUPED table, select one or more PCoIP zero clients that you
wish to power down.

a. From the PCoIP Management Console’s top menu, click ENDPOINTS.

b. In either the GROUPED or UNGROUPED table, select one or more PCoIP zero clients that
you wish to reset.

© 2019 Teradici 165

Resetting PCoIP Zero Clients

 Note: Use Shift +Click and Ctrl +Click to select elements

Use Shift +Click to select contiguous elements and Ctrl +Click to select non-contiguous elements.

a. Click ENDPOINT and then POWER RESET.

b. Click OK at the message prompt.

3. Click ENDPOINT and then POWER RESET.

4. Click OK at the message prompt.

Resetting PCoIP Zero Clients

The POWER RESET option causes PCoIP zero clients to reboot right away, or after any currently
running scheduled actions for this PCoIP zero clients have completed. You can reset an endpoint
either from its ENDPOINT DETAILS page or from the ENDPOINTS page.

To reset endpoints:

1. From the PCoIP Management Console’s top menu, click ENDPOINTS.

2. In either the GROUPED or UNGROUPED table, select one or more PCoIP zero clients that you
wish to reset.

 Note: Use Shift +Click and Ctrl +Click to select elements

Use Shift +Click to select contiguous elements and Ctrl +Click to select non-contiguous elements.

1. Click ENDPOINT and then POWER RESET.

2. Click OK at the message prompt.

Resetting Endpoint Properties to Their Defaults

The RESET TO DEFAULT option causes an endpoint to reset to its default configuration right away, or
after any currently running scheduled actions for this endpoint have completed. You can reset an
endpoint to its default configuration either from its ENDPOINT DETAILS page or from the ENDPOINTS
page.

© 2019 Teradici 166

Resetting Endpoint Properties to Their Defaults

 Note: Resetting an endpoint clears the management state

Resetting an endpoint will clear the management state of the endpoint. The bootstrap and endpoint discovery will
need to be done automatically or manually.

To reset endpoint properties to their defaults:

1. From the PCoIP Management Console’s top menu, click ENDPOINTS.

2. In either the GROUPED or UNGROUPED table, select one or more endpoints that you wish to
reset.

a. From the PCoIP Management Console’s top menu, click ENDPOINTS.

b. In either the GROUPED or UNGROUPED table, select one or more PCoIP zero clients that
you wish to reset.

 Use Shift +Click and Ctrl +Click to select elements

Use Shift +Click to select contiguous elements and Ctrl +Click to select non-contiguous elements.

c. Click ENDPOINT and then POWER RESET.

d. Click OK at the message prompt.

3. Click ENDPOINT and then RESET TO DEFAULT.

4. Click OK at the message prompt.

5. Confirm the endpoint rebooted automatically. If the endpoint has not rebooted, you must
reboot the endpoint manually or from the PCoIP Management Console using the POWER RESET
command.

© 2019 Teradici 167

Renaming Endpoints

You can rename an endpoint either from its ENDPOINT DETAILS page or the ENDPOINT page.

To rename endpoints:

1. From the PCoIP Management Console’s top menu, click ENDPOINTS.

2. In either the GROUPED or UNGROUPED table, select the endpoint that you wish to rename.

3. Click STRUCTURE and then RENAME.

4. Enter a unique name for the endpoint (from within its group hierarchy) and click RENAME
ENDPOINT.

 Note: Auto naming endpoints

© 2019 Teradici 168

Deleting Endpoints

You can delete an endpoint when you no longer wish it to be managed by the PCoIP Management
Console. This also removes it from its GROUPED or UNGROUPED endpoints table.

If auto-discovery is used (DHCP option-based or DNS SRV records) and the endpoint is still
connected to the network, it will attempt to initiate a new connection to the PCoIP Management
Console and re-register with it.

 Note: Deleting endpoint does not clear its management state

Once an endpoint is managed by a PCoIP Management Console, deleting an endpoint from the PCoIP Management
Console does not clear the management state of the endpoint itself. If you wish to connect the endpoint to another
PCoIP Management Console, then you must clear the management state of that endpoint from the endpoint’s AWI. If
you do not clear the management state of the endpoint, and it is still has network connectivity to the PCoIP
Management Console, then it will reconnect and re-register itself with the PCoIP Management Console.

To delete endpoints:

1. From the PCoIP Management Console’s top menu, click ENDPOINTS.

2. In either the GROUPED or UNGROUPED table, select one or more endpoints that you wish to
delete.

 Tip: Press Shift +Click to select contiguous elements

Use Shift +Click to select contiguous elements and Ctrl +Click to select non-contiguous elements.

1. Click ENDPOINT and then DELETE.

2. Click I AM SURE at the message prompt.

© 2019 Teradici 169

Searching an Endpoint Table

The ENDPOINTS page contains a search function that lets you locate endpoints in either the
GROUPED or UNGROUPED endpoint table by searching on any text that appears in the displayed
columns.

To perform a search:

1. Enter the desired search text in the search text box.

2. Press Enter or click SEARCH.

To clear a search, click the x in the search text box.

© 2019 Teradici 170

Filtering the Endpoint List

The ENDPOINTS page contains a filter function that lets you select from a list of predefined filters
to refine the endpoints that display in a GROUPED or UNGROUPED endpoints table. For example,
you can display only endpoints with profile mismatches or endpoints that have failed to power
down or reset. You can also create your own filter criteria and save your filters into the list.

Endpoint predefined filters

Selecting a Predefined Filter

To select a predefined filter:

1. From the PCoIP Management Console’s top menu, click ENDPOINTS.

2. Select either the GROUPED or UNGROUPED tab.

3. Click the arrow to the side of the FILTER button.

© 2019 Teradici 171

Adding a Filter

4. Select a predefined filter from the drop-down list. Your active filter will display as a new dark
gray filter icon next to the FILTER button, as shown next.

5. To return to the unfiltered endpoint list, click the x on the filter icon, or select CLEAR FILTER from
the FILTER drop-down list.

Adding a Filter
To add a filter:

1. From the PCoIP Management Console’s top menu, click ENDPOINTS.

2. Select either the GROUPED or UNGROUPED tab.

3. Click the FILTER button.

4. In the ADD FILTER dialog, use the drop-down menus to select your filter criteria. When you are
finished, click the filter icon to the right.

5. You can repeat this step to add additional criteria to the filter, for example, Power DOWN is Failed
and Online Status is Online. Multiple criteria in a filter are logically ANDed, not ORed.

6. Click OK.

7. To save your filter, select SAVE ACTIVE FILTER from the FILTER drop-down list on the main
ENDPOINTS page.

8. Enter a unique name for the filter in the SAVE ACTIVE FILTER dialog, and click SAVE. When you
click the FILTER button, your filter will now appear in the Predefined Filters list.

Managing Saved Filters

To manage saved filters:

1. From the PCoIP Management Console’s top menu, click ENDPOINTS.

2. Select either the GROUPED or UNGROUPED tab.

© 2019 Teradici 172

Managing Saved Filters

3. Click the arrow to the side of the FILTER button and select MANAGE SAVED FILTERS.

4. Select a saved filter in the drop-down list and choose one of the following:

• Click NEW to add a new filter.

• Click EDIT to change the filter criteria.

• Click DELETE to delete the saved filter.

© 2019 Teradici 173

Exporting an Endpoint List

You can generate a comma-delimited file listing all endpoints, or all endpoints and columns, visible
in the ENDPOINTS table. PCoIP Management Console administrators can use this file to import
inventory information on their deployment into third-party inventory management systems.

 Note: Exporting endpoints available on PCoIP Management Console Enterprise

This feature is available for the PCoIP Management Console Enterprise only.

To generate a list of endpoints visible in an endpoints table:

1. From the PCoIP Management Console’s top menu, click ENDPOINTS.

2. Select either the GROUPED or UNGROUPED tab.

3. Click ENDPOINT and then select EXPORT ALL or EXPORT CURRENTLY VIEWED.

4. Follow the prompts to open or save the file.

 Note: Change the file type to .csv

If the exported file has no file type, change the file type to .csv to open it in Microsoft Excel as a comma-delimited file.

© 2019 Teradici 174

Managing Users

PCoIP Management Console Enterprise supports multiple concurrent administrative users. There
are two user roles that have different administrative capabilities—System Administrator and
Administrator. Roles can be set for individual users that are created locally on the PCoIP
Management Console, or by the Active Directory group that an AD authenticated user is part of. A
user with the System Administrator role can perform any function on the Management Console,
while a user with the Administrator role can access everything except the SETTINGS pages. PCoIP
Management Console Free supports one administrative user with the System Administrator role.

Users with any role can edit their own profile by clicking on their username at the top right of the
Management Console screen.

System Administrators can manage PCoIP Management Console Enterprise user accounts by
clicking SETTINGS from the top menu and then clicking the AUTHENTICATION > USERS tab.

The following tasks are performed from a user account with the System Administrator role.

Displaying User Information

The PCoIP Management Console Enterprise AUTHENTICATION page contains a table showing all
the users that are currently configured to use PCoIP Management Console. This page is viewable
by any System Administrator. PCoIP Management Console Enterprise allows you to create, edit,
enable or disable one or more user accounts, assign different user roles, and view user logs to see
user activity. You can also refine the list of users in the table by clicking ENABLED USERS to display
only users with enabled accounts, or ALL USERS to display all user accounts.

© 2019 Teradici 175

Creating a New User Account in PCoIP Management Console Enterprise

PCoIP Management Console Enterprise AUTHENTICATION Page

PCoIP Management Console Free supports only one administrative user. Enabling and disabling
this user is not supported in PCoIP Management Console Free.

PCoIP Management Console Free AUTHENTICATION Page

Creating a New User Account in PCoIP Management Console

Enterprise

 Note: Help with settings

Click the ? button beside each field for help with any of the settings.

To create a new user account in PCoIP Management Console Enterprise:

1. From the PCoIP Management Console’s top menu, click SETTINGS.

© 2019 Teradici 176

Creating a New User Account in PCoIP Management Console Enterprise

2. Ensure the USERS tab is active.

3. Click NEW USER.

4. Configure the parameters as follows:

• Role: Select Administrator (limited) or System Administrator (full access)

• Username: Enter a unique name for the user.

• First Name: Enter the user’s first name.

• Last Name: Enter the user’s last name.

• Password: Enter a password for the user.

• Confirm Password: Enter the password again.

• Time Zone: Select the user’s local time zone from the drop-down list. Time zones in this list
are presented in IANA format.

 Active Directory Users

All Active Directory users have a default timezone of UTC which can be modified by a Management
Console System Administrator after the user has logged in the first time.

• Account Enabled: Select to enable the account.

© 2019 Teradici 177

Editing a User Account

5. Click SAVE.

 Enabled vs. not enabled for new users

If a new user is not enabled and the MANAGEMENT CONSOLE USERS page is set to show enabled users only, this
user will not be visible in the table until the page is changed to show all users.

Editing a User Account

To edit a user account:

1. From the table on the MANAGEMENT CONSOLE USERS page, select the user account you
wish to edit.

2. Click EDIT.

3. Change the user’s settings as desired.

4. Click SAVE.

© 2019 Teradici 178

Enabling or Disabling User Accounts in PCoIP Management Console Enterprise

 Enabled vs. not enabled for existing users

If an edited user is not enabled and the MANAGEMENT CONSOLE USERS page is set to show enabled users only, this
user will not be visible in the table until the page is changed to show all users.

Enabling or Disabling User Accounts in PCoIP Management

Console Enterprise
To enable or disable user accounts in PCoIP Management Console Enterprise:

1. From the table on the MANAGEMENT CONSOLE USERS page, select one or more users.

2. Use Shift +Click to select contiguous elements and Ctrl +Click to select non-contiguous
elements.

3. Click ENABLE to enable the accounts or DISABLE to disable the accounts.

Viewing User Logs

To view user logs:

1. In the MANAGEMENT CONSOLE USERS page, click VIEW LOG to see the date and type of action
for each user, as shown next:

© 2019 Teradici 179

Viewing User Logs

2. Scroll to the bottom of the list to see the most recent actions.

3. Click OK to close the user log.

© 2019 Teradici 180

Managing PCoIP Management Console Logs

The PCoIP Management Console VERSION page displays the version of the PCoIP Management
Console that you are currently running, and also lets you select the level of diagnostic logging for
the PCoIP Management Console. You can access this page by clicking SETTINGS from the PCoIP
Management Console’s top menu and then clicking the VERSION menu in the left pane.

 Note: Release version can be viewed on dashboard

The PCoIP Management Console release version is also displayed on the dashboard.

Locating the PCoIP Management Console’s Log Files

All PCoIP Management Console logs are located in the PCoIP Management Console’s virtual
machine in its /opt/teradici/log directory. You can access these files by logging in to your PCoIP
Management Console virtual machine console using vSphere Client. Log files are included in
database archives.

The PCoIP Management Console’s log directory contains the following files:

• console.log: Logs information about the PCoIP Management Console’s front-end console. In
this release, its level is set to Info and cannot be changed.

• daemon.log: Logs information about the PCoIP Management Console’s back-end daemon. You
can set a diagnostic log level for the PCoIP Management Console 2’s daemon process.

• daemon-startup.log: Logs information about when the PCoIP Management Console’s daemon
starts up or stops.

• daemon.log.< date >.gz: Contains a gzip archive file for any daemon.log file that has reached
100 MB. These files are zipped to save space on the virtual machine.

Log File Rotation

Both console and daemon logs are limited to 200 files—two uncompressed (up to 100 MB each)
and 98 compressed (approximately 5 MB each). These files are rotated as needed.

© 2019 Teradici 181

Setting the PCoIP Management Console’s Diagnostic Log Level

Linux system logs are rotated using default CentOS settings. The PCoIP Management Console
does not configure Linux system logs.

Setting the PCoIP Management Console’s Diagnostic Log Level

The PCoIP Management Console has five log levels that you can set. Troubleshooting an issue
requires capturing all the details of an event in both the daemon and console logs. This is why
setting the level for either daemon or the console adjusts both logs to the same level. The five log
levels are:

• ERROR: Only logs error messages. Error messages are logged events that occurred that were
not supposed to have occurred.

• WARN: Only logs warning messages. Warning messages are logged events that may cause an
issue in the future.

• INFO: Logs informational messages and events at a coarse-grained level.

• DEBUG: Logs deeper information that is useful for a debug application to troubleshoot.

• TRACE: Logs finer-grained informational messages and events. Trace should only be used
under the direction of Teradici support for debugging issues.

© 2019 Teradici 182

Managing PCoIP Management Console Certificates

Managing PCoIP Management Console

Certificates

This section contains information on how to manage your PCoIP Management

Consolecertificates, including custom certificate requirements, creation, upload, update, and
general management of certificates.

 Important: Generate your own custom certificate

The PCoIP Management Console is shipped with a default Teradici self-signed certificate. Teradici strongly
recommends that you generate your own certificates signed by a recognized certificate authority (CA), and then
update both your PCoIP Management Console and your endpoints with the certificates before configuring a discovery
method or adding endpoints to your PCoIP Management Console.

Custom Certificate Requirements

The certificate loaded onto the PCoIP Management Console for use as the PCoIP Management
Console web interface certificate and for endpoint management must meet the following
requirements:

• It must be a X.509 certificate in PEM format. Three PEM files are needed to install the
certificate into the PCoIP Management Console:

• The first file contains only the PCoIP Management Console public certificate.

• The second file contains only the PCoIP Management Console certificate’s private key.

• The third file contains the PCoIP Management Console certificate’s issuing chain
(intermediate CAs, if applicable, and root CA).

• The certificate must be valid, meaning that the current time is after the 'not valid before' time
and before the 'not valid after' time.

• The PCoIP Management Console certificate’s RSA key must be 1024 bit or greater. The
recommended length is 2048 bits.

© 2019 Teradici 183

Creating and Preparing Your Own PCoIP Management Console Certificate

• If the PCoIP Management Console certificate contains an Enhanced Key Usage extension, it
must include the Server Authentication usage. It is also acceptable for the certificate to not
include an Enhanced Key Usage extension.

• The certificate must have an entire verifiable chain. Any certificate used to sign the leaf
certificate must be present in the chain.

Creating and Preparing Your Own PCoIP Management Console

Certificate
This section demonstrates how to create and submit your own certificate using OpenSSL and your
own CA via the PCoIP Management Console VM.

 Note: Examples use Teradici's PCoIP Management Console name

All the following examples use Teradici's PCoIP Management Console name. Replace any name with your own.

Step 1: Ensure Your PCoIP Management Console Does Not

Have Any Custom Certificates Installed
To make sure you don't have custom certificates installed:

1. Log into the PCoIP Management Console web interface.

2. Go to SETTINGS > SECURITY > CERTIFICATES and ensure the default certificate is installed by
confirming:

3. Security Certificate fields Subject and Issued By are populated with localhost. (see #1)

4. Security Chain fields are empty. (see #2)

 Info: Custom Certificates

The Security Certificate and Security Chain fields of custom certificates will be populated by data that does not
include localhost and will not have empty values.

© 2019 Teradici 184

Step 2: Connect and Enable SSH to Create Your Certificate via the PCoIP Management Console virtual machine

Step 2: Connect and Enable SSH to Create Your Certificate via

the PCoIP Management Console virtual machine
You will need to enable SSH prior to creating your certificate. See Accessing the PCoIP
Management Console Virtual Machine Console.

 Note: Run OpenSSL on a 'Trusted' computer

OpenSSL can be run on any 'Trusted' computer.

To create your certificate:

1. SSH into the PCoIP Management Console using your preferred SSH client. The example
shown next uses PuTTY.

2. Run the OpenSSL command:

openssl req -out CSR.csr -new -newkey rsa:3072 -nodes -keyout privateKey.pem

3. You will get the following response and be asked a series of questions, as shown next:

© 2019 Teradici 185

Step 2: Connect and Enable SSH to Create Your Certificate via the PCoIP Management Console virtual machine

4. Modify each entry with your own detailed information. Descriptions are shown next:

• Country Name: Your country

• State of Province Name: Your state or province

• Locality Name: Your city

• Organization Name: Your company

• Organizational Unit Name: Your department

• Common Name: Your PCoIP Management Console Name (for example, hostname of PCoIP
Management Console - se-pcoip-mc-200)

• Email Address: you@yourcompany.com

• A challenge password: Your password

• An optional company name: Optional

5. Press Enter .

6. Two files will be generated in the admin folder: privateKey.pem and CSR.csr.

© 2019 Teradici 186

Step 3: Submit Your Certificate

 Caution: Certificates with Private Key

Do not send certificates containing your private key to the CA. A certificate with private key should not be sent outside
your organization. The private key provides access to your secured resources and should remain under tight control.

To submit your certificate:

1. Using a file management tool of your choice, copy the two files off of your PCoIP
Management Console.

2. Take the generated CSR.csr and send it to your CA (https://mycertserver.mydomain.local/

certsrv).

3. Select Request a Certificate.

4. Select Advanced Certificate Request.

5. Copy the CSR.csr certificate and send it to the CA. The content will be Base-64 encoded.

 Note: Using text editor to copy the Certificate Signing Request

You can rename CSR.csr to CSR.csr.txt to open it in Notepad and copy the content.

6. For Certificate Template, select Web Server.

7. Do not add anything in the attributes box.

8. Click Submit.

Step 4: Download and Prepare the Certificate

To download and prepare the certificate:

1. You can now download the created certificate from the CA. However, do not download the
certificate chain as it is still in the wrong format. The certificate will show up as certnew.cer.

2. Rename certnew.cer to certnew.pem.

3. Get a copy of the CA certificate from the certificate server in Base64. The CA will return a
certificate that will be used as part of the chain.

© 2019 Teradici 187

Uploading Your Own PCoIP Management Console Certificates

4. Create a new certificate called chain.pem by combining the contents of certnew.pem with
CA.pem.

 Note: Using Notepad to combine the certificates

You can create text file of each certificate to help combine the two certificates. To edit certificates, change their
extension to .txt. Teradici recommends creating a new file with .txt extension. Place the CA.pem content under the
certnew.pem content in the combined certificate.

5. Rename the combine certificate back to .pem. All certificates must be in .pem format before
uploading into the PCoIP Management Console.

6. Now, you will have three certificates:

• certnew.pem: The certificate returned from the CA

• privateKey.pem: The certificate from the Linux command

• chain.pem: The combination of certnew.pem and CA.pem

 Note: CA.pem is not uploaded into the PCoIP Management Console

The CA.pem creates the chain certificate (chain.pem). While uploading CA.pem into PCoIP Management Console
is not required, ensure its content is correct.

Uploading Your Own PCoIP Management Console Certificates

This section explains how to upload your own certificates to the PCoIP Management Console and
to endpoints that require a PCoIP Management Console certificate before discovery. If you wish to
avoid browser certificate warnings when you access the PCoIP Management Console’s web
interface, you can also install the PCoIP Management Console certificate in your browser.

 Important: Use the following sequence if you are installing certificates before adding endpoints

If you are installing your own PCoIP Management Console certificates before you have added endpoints to the PCoIP
Management Console, please follow the instructions in the order shown. If you need to update your PCoIP
Management Console certificates for any reason after the PCoIP Management Console has already discovered your
endpoints, the order of this procedure is slightly different. See Updating PCoIP Management Console Certificates after
Endpoint Discovery for details.

© 2019 Teradici 188

Step 1: Upload Your PCoIP Management Console Certificates to the PCoIP Management Console

The PCoIP Management Console requires the following certificates:

 Note: All certificates must be in PEM format

All PCoIP Management Console certificates must be issued in PEM format.

• PCoIP Management Console server’s certificate (*.pem): Contains the public key. The PCoIP
Management Console’s public key certificate fingerprint is also used for DHCP/DNS endpoint
discovery.

• PCoIP Management Console server’s private key certificate (*.pem): Contains the private key.

• PCoIP Management Console chain certificate (*.pem): Contains the root certificate and any
intermediate certificates used to issue PCoIP Management Console server certificates.

Step 1: Upload Your PCoIP Management Console Certificates to

the PCoIP Management Console

 Note: Uploading Certificates causes the application to restart

Uploading a certificate signs out all PCoIP Management Console users and causes the PCoIP Management Console
application to restart. Users will not be able to access the PCoIP Management Console for one to two minutes.

To upload your certificates to the PCoIP Management Console:

1. From the PCoIP Management Console’s top menu, click SETTINGS.

2. Click SECURITY in the left pane and select the CERTIFICATES tab in the SECURITY pane to the
right.

3. Click UPDATE.

4. Click SELECT CERTIFICATE, select the PCoIP Management Console’s public key certificate file
(*.pem), and then click NEXT.

© 2019 Teradici 189

Step 1: Upload Your PCoIP Management Console Certificates to the PCoIP Management Console

5. Click SELECT KEY, select the PCoIP Management Console’s private key certificate file (*.key),
and then click NEXT.

6. Click SELECT CHAIN, select the PCoIP Management Console’s chain certificate file (*.pem), and
then click NEXT.

© 2019 Teradici 190

Step 1: Upload Your PCoIP Management Console Certificates to the PCoIP Management Console

7. Click Apply.

8. Read the warning message and then click APPLY.

9. When the update process completes, click LOGIN to log in to the PCoIP Management Console
again.

© 2019 Teradici 191

Step 2: Update Your DHCP/DNS Server with the PCoIP Management Console Server’s Public Key Certificate Fingerprint

Step 2: Update Your DHCP/DNS Server with the PCoIP

Management Console Server’s Public Key Certificate Fingerprint
If your DHCP or DNS server is configured to provision endpoints with the PCoIP Management
Console’s public key certificate fingerprint, this information must be updated next. You can update
your server with your PCoIP Management Console certificate fingerprint as follows:

• DHCP server: Edit the EBM X.509 SHA-256 fingerprint option for the PCoIP Endpoint option class.
For details, see Configuring DHCP Options.

• DNS server: Edit the EBM-SHA-256-fingerprint DNS text record. For details, see Adding a DNS
TXT Record.

Step 3: Upload a PCoIP Management Console Certificate to

Your Endpoints
If your endpoints are configured with a discovery method and security level that require them to
have a PCoIP Management Console certificate in their trusted certificate store before they can
connect to the PCoIP Management Console, you can either upload the PCoIP Management
Console certificate for a group of endpoints using a PCoIP Management Console profile, or you
can upload the PCoIP Management Console certificate locally using each endpoint’s AWI.
Depending on your security requirements, you can upload either a PCoIP Management Console
issuer certificate (that is, the root CA certificate (or intermediate certificate) that was used to issue
a PCoIP Management Console server certificate) or you can upload the PCoIP Management
Console server’s public key certificate.

Installing the PCoIP Management Console Certificate in Your

Browser
If you wish to avoid browser certificate warnings when you access the PCoIP Management
Console’s web interface, you can install a PCoIP Management Console certificate in your browser.
You can use either a PCoIP Management Console issuer certificate or the PCoIP Management
Console server’s public key certificate. For more information, see How do I get the fix the unsecure
browser warning when accessing the Management Console 2.x and 3.x web interface? (1406)

© 2019 Teradici 192

Reverting to the Default Self-signed PCoIP Management Console Certificate

Reverting to the Default Self-signed PCoIP Management

Console Certificate

 Note: Reverting the default certificate disables all users and causes application to restart

Reverting the PCoIP Management Console to its self-signed certificate disables all PCoIP Management Console users
and causes the PCoIP Management Console application to restart. Users will not be able to access the PCoIP
Management Console for one to two minutes.

To revert to the default PCoIP Management Console certificate:

1. From the PCoIP Management Console’s top menu, click SETTINGS.

2. Click SECURITY in the left pane.

3. Click REVERT SELF-SIGNED CERTIFICATE.

4. Read the warning message and then click APPLY.

5. When the update process completes, click LOGIN to log in to the PCoIP Management Console
again.

© 2019 Teradici 193

Updating PCoIP Management Console Certificates after Endpoint Discovery

Updating PCoIP Management Console Certificates

after Endpoint Discovery

The steps provided next are for updating your PCoIP Management Console certificates if your
certificate expires, or if you need to update your PCoIP Management Console certificate for any
other reason.

 Note: Update endpoints with new certificate before updating the PCoIP Management Console certificates

It is important to update endpoints with their new PCoIP Management Console certificate before you update the
PCoIP Management Console’s certificates. Otherwise, your endpoints will not be able to trust the PCoIP Management
Console, and your profile update will fail when you attempt to apply it.

Step 1: Update Endpoints with the New PCoIP Management

Console Certificate
To update endpoints with the new PCoIP Management Console certificate:

1. Ensure that all ungrouped endpoints are moved from the ungrouped category into a group.

2. Ensure that every group (or at least one parent group) is associated with a profile.

3. Update all existing profiles to push the new certificate to endpoints. For each profile:

a. From the PCoIP Management Console’s top menu, click PROFILE.

b. Click the profile’s device type tab.

c. In the SOFTWARE section, ensure that the right firmware version is selected for your
endpoints.

d. Click SECURITY in the left navigation pane, scroll down to Certificate Store, and select Set in
Profile.

e. Click Add New, select your new PCoIP Management Console public key certificate, and
click Open.

f. This certificate must have a .pem extension.

© 2019 Teradici 194

Step 2: Upload the New PCoIP Management Console Certificate to the PCoIP Management Console

g. Click Upload.

h. Click SAVE at the top of the page.

i. Apply the profile immediately or create a schedule to update your group(s) with the profile.

Step 2: Upload the New PCoIP Management Console Certificate

to the PCoIP Management Console
To upload the new PCoIP Management Console to the PCoIP Management Console:

 Note: Uploading certificates causes application to restart

1. From the PCoIP Management Console’s top menu, click SETTINGS.

2. Click SECURITY in the left pane and select the CERTIFICATES tab in the SECURITY pane to the
right.

3. Click UPDATE.

4. Click SELECT CERTIFICATE, select the PCoIP Management Console’s public key certificate file
(.pem), and then click **NEXT*.

© 2019 Teradici 195

Step 2: Upload the New PCoIP Management Console Certificate to the PCoIP Management Console

5. Click SELECT KEY, select the PCoIP Management Console’s private key certificate file (.key), and
then click **NEXT*.

6. Click SELECT CHAIN, select the PCoIP Management Console’s chain certificate file (.pem), and
then click **NEXT*.

7. Click APPLY.

8. Read the warning message and then click APPLY.

9. When the update process completes, click LOGIN to log in to the PCoIP Management Console
again.

© 2019 Teradici 196

Step 3: Update Your DHCP or DNS Server

If your DHCP or DNS server is configured to provision endpoints with the PCoIP Management
Console’s public key certificate fingerprint, this information must be updated next. You can update
your server with your PCoIP Management Console certificate fingerprint as follows:

• DHCP server: Edit the EBM X.509 SHA-256 fingerprint option for the PCoIP Endpoint option class.
For details, see Configuring DHCP Options.

• DNS server: Edit the EBM-SHA-256-fingerprint DNS text record. For details, see Adding a DNS
TXT Record.

© 2019 Teradici 197

Uploading the PCoIP Management Console Certificate to an Endpoint

Uploading the PCoIP Management Console

Certificate to an Endpoint

If your endpoints are configured with a discovery method and security level that require them to
have a PCoIP Management Console certificate in their trusted certificate store before they can
connect to the PCoIP Management Console, you can either upload the PCoIP Management
Console certificate for a group of endpoints using a PCoIP Management Console profile, or you
can upload the PCoIP Management Console certificate locally using each endpoint’s AWI.
Depending on your security requirements, you can upload either a PCoIP Management Console
issuer certificate (that is, the root CA certificate (or intermediate certificate) that was used to issue
a PCoIP Management Console server certificate) or you can upload the PCoIP Management
Console server’s public key certificate.

For information on PCoIP Management Console certificates, see Managing PCoIP Management
Console Certificates.

Uploading Endpoint PCoIP Management Console Certificates

Using PCoIP Management Console

 Note: All certificates should be in PEM format

All PCoIP Management Console certificates must be issued in PEM format.

To upload the PCoIP Management Console certificate for a group of endpoints using PCoIP Management
Console:

1. Ensure that the endpoints you wish to upload certificates to are placed in their own group.
Depending on your site configuration, this may require modifications to your DHCP options or
DNS SRV records, or it may require disabling persistent auto-configuration or placing the
endpoints into a segregated network with a new PCoIP Management Console.

2. From the PCoIP Management Console home page, click the PROFILES tab.

3. Click Add New.

Uploading Endpoint PCoIP Management Console Certificates Using PCoIP Management Console

4. Enter a name and description and then click Save.

5. In the Profile Management page, click the profile’s Set Properties link.

6. Scroll down to the profile’s Certificate Store section and click Add New.

7. Click Browse, select your PCoIP Management Console certificate file (.pem), and then click
**Add*.

8. From the main menu, click the GROUPS tab.

9. In the Group Management page, click the Edit link for group containing your endpoints.

10. Select the profile you created in the Profile drop-down list and click Save.

11. Click the Apply Profile link for the group containing your endpoints.

12. Enter the date and time to apply your profile in the Apply Profile at Date/Time**text box and then
click **OK.

 Tip: Using the zero client AWI

You can upload the PCoIP Management Console Certificate to an endpoint using the endpoint’s AWI.

For more information about the AWI, see Remote Workstation Card Firmware Administrators' Guide or Tera2 PCoIP
Zero Client Firmware Administrators’ Guide.

Configuring PCoIP Management Console Session Timeout (Enterprise)

Configuring PCoIP Management Console Session

Timeout (Enterprise)

PCoIP Management Console Enterprise allows administrators to set a session timeout for the
Web UI of 10, 30, 60, or 120 minutes as well as disabling the session time out by using Never
which is not recommended. This setting is located on the security page (SETTINGS > SECURITY).
Once a period of inactivity reaches the set time, the administrator will be logged out of PCoIP
Management Console Enterprise.

Configuring PCoIP Management Console web UI Time Zone

Configuring PCoIP Management Console web UI

Time Zone

 Important: PCoIP Management Console operates in Coordinated Universal Time (UTC)

The PCoIP Management Console virtual machine operates in Coordinated Universal Time (UTC) and must not be
changed.

If you are in a different time zone, you can change the PCoIP Management Console’s web interface
to display your local time to make it more convenient to create schedules and view time-related
information. The PCoIP Management Console will perform the conversion and run the schedule
using your time.

To configure your local time zone:

1. Log in to the PCoIP Management Console web interface.

2. Click SETTINGS and then AUTHENTICATION to display the MANAGEMENT CONSOLE USERS
window.

3. In the USERNAME column, select your user account and then click EDIT.

4. In the Time Zone field, select your local time zone from the drop-down list.

5. Click SAVE.

Default CentOS Configuration for PCoIP Management Console

Default CentOS Configuration for PCoIP

Management Console

After installation, the CentOS operating system on which your PCoIP Management Console virtual
appliance runs has the following default configuration. For further recommendations on how to
improve security for your PCoIP Management Console, see Securing the PCoIP Management
Console.

Default PCoIP Management Console CentOS Configuration

Configuration Description

Installed packages The following applications have been installed on the CentOS operating system for PCoIP
Management Console:

• Text editor (from the CentOS repo): vim

• man

• python-argparse

• redhat-lsb-core

• networkmanager-tui

• iptables-services

• Python (from the Python project)

• Java Platform: Openjdk-1.8 configured with weak ciphers and hashes disabled

• PostgreSQL-server >=9.2.0 (from the PostgreSQL project)

• PostgreSQL-contrib >=9.2.0

• openssl

• epel-release

Important: Dependencies
Installed packages may have included other additional dependencies.

Default CentOS Configuration for PCoIP Management Console

Configuration Description

PCoIP Note: Root user is not used for PCoIP Management Console administration
Management For security reasons, the root user is not used for PCoIP Management Console
Console users administration. This user account has a large, randomly-generated password that is not
published. It is critical to change this password immediately after installing your PCoIP
Management Console.

The following PCoIP Management Console virtual machine users are created by default:

• admin: Default administrative user; has sudo privileges; default password is

ManagementConsole2015.
Note: To secure your PCoIP Management Console, it is critical to change this password
immediately after installing the PCoIP Management Console.

• mcconsole: No login shell; can use restricted sudo to manage PCoIP Management
Console web UI components; has no password.

• mcdaemon: No login shell; has no password.

• postgres: Has login shell due to PostgreSQL limitations; has no password.

Security Security-Enhanced Linux (SELinux) is enabled with a default configuration.

The PCoIP Management Console SSH server is disabled by default. You can use vSphere
Client to access the PCoIP Management Console’s virtual machine console.

Note: SSH access for the admin user

Although the PCoIP Management Console permits you to re-enable the SSH server
(temporarily or permanently), for security reasons it only allows SSH access for the admin
user while the SSH server is enabled.

Default firewall port settings are as follows:

• Port 22: Allow incoming SSH connections on TCP port 22.

• Ports 80, 443, 8080 and 8443: Allow incoming web UI connection on TCP ports 80, 443,
8080, and 8443. The firewall redirects port 80 to port 8080 and port 443 to port 8443.
The web UI server listens for HTTP connections on port 8080 and HTTPS connections
on port 8443.

• Port 5172: Allow incoming PCoIP Management Protocol connections on TCP port 5172.

• Allow all outgoing traffic.

Open file limit The maximum number of open files for all OS processes is 65,535.

Default CentOS Configuration for PCoIP Management Console

Configuration Description

IPv6 IPv6 is disabled.

NTP By default, CentOS 7.x uses chrony as an NTP client. NTP traffic to outside sources can be
found by entering the chronyc sources -v command to provide a verbose listing of NTP
servers chrony is syncing too. Configuration changes can be made by editing the /etc/
chrony.conf file. See Chrony Configuration for further information.

PCoIP The following scripts and files are included on the PCoIP Management Console virtual
Management machine:
Console /opt/teradici/scripts
directories and
• enable_admin.sh: Enables the PCoIP Management Console’s web UI admin user. This is
scripts
useful if you disable the admin Web UI account from PCoIP Management Console
Enterprise and subsequently transition to PCoIP Management Console Free without re-
enabling the account from the web UI. In this situation, you must run this script from the
PCoIP Management Console’s virtual machine console before the user can log in to the
[PCoIP Management Console web UI.

• port80_disable.sh: Disables the PCoIP Management Console’s HTTP port (port 80).

• port80_enable.sh: Enables the PCoIP Management Console’s HTTP port (port 80).

• reset_admin_password.sh: Reverts the password for the PCoIP Management Console’s

web interface admin user to its default value (password). This is useful if the password to
the admin user web UI account becomes lost and the user needs a way to get logged in
again.

• remove_ldaps_certificate.sh: Removes the uploaded Active Directory Certificate

• import_ldaps_certificate.sh: Imports and activates the uploaded Active Directory Certificate

/opt/teradici/database/legacy/migration_script
• migrate_mc1_profile.sh: Imports individual PCoIP Management Console 1 profiles into your
PCoIP Management Console release 2 or later.
/opt/teradici/log
Contains PCoIP Management console log files.

Changing the Default Network Configuration

The PCoIP Management Console virtual machine includes a network configuration tool called
NetworkManager TUI (textual user interface) that lets you change the PCoIP Management
Console’s default network configuration. You can use this tool to assign a static IP address to the
PCoIP Management Console. Do NOT modify the DNS configuration with this tool.

 Tip: Ensure you have correct DNS A and DNS PTR records set

Before you run the Network Configuration Tool, be sure to set the correct DNS A record and DNS PTR record in your
DNS server for the PCoIP Management Console. If the records are already set, ensure you use the same IP address
associated with the DNS records.

 Note: Give PCoIP Management Console a fixed IP address

Teradici recommends that you give the PCoIP Management Console a fixed “static” IP address, either through a DHCP
reservation or by Assigning a Static IP Address using the PCoIP Management Console’s network configuration tool. If
a PCoIP Management Console is configured using DHCP and the IP address of the PCoIP Management Console
changes, the endpoints it manages will be unable to connect to it.

Launching the PCoIP Management Console Network

Configuration Tool
To launch the network configuration tool:

1. Log in to the PCoIP Management Console virtual machine console. For instructions, see
Accessing the PCoIP Management Console Virtual Machine Console.

2. Type the following command at the command line to launch the network configuration tool:
sudo nmtui

Launching the PCoIP Management Console Network Configuration Tool

Network Manager Configuration Tool

 Info: Default configuration

The default configuration for IPv4 is DHCP based, identified by < Automatic >.

Assigning a Static IP Address

 Tip: Configurable Interactive Elements

Angle brackets contain interactive elements that can provide further selections, and OK or Cancel changes. Use
the keyboard Tab or arrow keys to move between interactive elements.

Select to access additional configurable elements.

Assigning a Static IP Address

To assign a static IP address using the PCoIP Management Console’s network configuration tool:

1. Launch the PCoIP Management Console’s network configuration tool.

2. Select Edit a connection.

3. Select eth0 then tab and select < Edit... >.

4. Tab to < Show > to access and configure your IPv4 parameters:

• IPv4 CONFIGURATION: Set to Manual for a static IP configuration. Be sure to enter your
network, see screen shot below.

• Addresses: Enter the IP address you selected for your Management Console, ensuring you
use the appropriate slash notation to define your subnet mask.

• Gateway: Enter your default gateway IP address for the Management Console's network.

• DNS servers: Enter the IP address of your DNS servers.

• Search domains: Enter the domains used in your deployment in the format of
mydomain.local.

• Routing: Enter your networks routing requirements.

Assigning a Static IP Address

5. Tab to IPv6 CONFIGURATION and change automatic to Ignore.

6. Tab to < OK > and press Enter.

7. Tab to < Back > and press Enter to get to the main screen of the network configuration tool.

8. To have the settings take affect immediately, type the following command from the CentOS
command line:
sudo systemctl restart network

 Note: Shown next are example IP addresses

The IP addresses shown next are for example purposes only. Enter your own information.

 Important: Correctly identifying subnets

Addresses and subnets must be correctly defined otherwise the PCoIP Management Console will not operate.
Subnets are defined through the slash notation used in the Addresses field. The example of /24 represents
255.255.255.0. Your network may use different subnet sizes.

Assigning a Static IP Address

Configuring an Endpoint Manager Manually from an Endpoint

Configuring an Endpoint Manager Manually from

an Endpoint

For environments that do not use automatic DHCP or DNS discovery, you can manually configure
each zero client with the IP address or FQDN of the PCoIP Management Console to which it
should connect. The endpoint must also have a trusted PCoIP Management Console certificate in
its certificate store in order for discovery to succeed. Typically, this method is used in medium and
high security environments. If your endpoint does not have a pre-loaded certificate, you can use
the alternative method of manual endpoint discovery initiated by the PCoIP Management Console.
See Discovering Endpoints Manually from PCoIP Management Console.

This example shows how to configure a zero client for discovery by a specific Endpoint Manager
from the endpoint’s AWI Management page. For information about configuring endpoints for
automatic discovery from this page, please see the PCoIP Zero Client Administrators’ Guide.

 Note: PCoIP Management Console servers as both Endpoint Bootstrap Manager and Endpoint Manager

In the zero client Management page, your PCoIP Management Console serves as both the Endpoint Bootstrap
Manager and the Endpoint Manager. Use the PCoIP Management Console’s IP address or FQDN when specifying
either an Endpoint Bootstrap Manager or an Endpoint Manager URI.

To configure your endpoint with a specific Endpoint Manager:

 Note: Complete the following steps in sequence

It is necessary to complete these steps in the sequence shown next.

1. Enter the zero client’s IP address in your browser’s address bar, then log in to its AWI.

2. From the Configuration menu, select Management.

3. Select the desired security level:

• Low Security Environment - Zero Client is discoverable by Endpoint Managers: This security level
is intended for discovery that is initiated manually by a PCoIP Management Console. It

Configuring an Endpoint Manager Manually from an Endpoint

enables endpoints that are shipped with empty certificate stores to use trust information
retrieved during the discovery process.

 Note: Low Security Environment also works for endpoints configured for DHCP options or DNS
SRV record discovery

You can also use this security level for endpoints that are configured for DHCP options discovery or DNS
SRV record discovery when the DHCP or DNS server also provisions the endpoint with the Endpoint
Bootstrap Manager certificate’s fingerprint.

• Medium Security Environment - Endpoint Bootstrap Manager must be trusted by installed

certificate: When this security level is selected, the endpoint must have a trusted PCoIP
Management Console certificate in its certificate store in order for discovery to succeed.
The certificate can be provisioned either by the vendor when an endpoint is shipped or by
uploading the PCoIP Management Console certificate to the endpoint. See Uploading the
PCoIP Management Console Certificate to an Endpoint.

• High Security Environment - Bootstrap phase disabled: With this security level, a user must
manually enter an internal (and optionally an external) URI for the PCoIP Management
Console from the endpoint’s AWI Management page. The user must also upload a PCoIP
Management Console certificate to the endpoint’s trusted certificate store. Automatic
provisioning and discovery methods cannot be used in a high security environment.

4. In the Manager Discovery Mode drop-down list, select Manual.

5. If the endpoint is not in the Idle state, click Clear Management State and then Continue.

6. Enter the URI for your PCoIP Management Console.

Configuring an Endpoint Manager Manually from an Endpoint

 Note: URIs require a secure WebSocket prefix

URIs require a secured WebSocket prefix (for example, wss://< internal EM IP address|FQDN >:[port number]).
The PCoIP Management Console’s listening port is 5172. Entering this port number is optional. If you do not
include it, port 5172 will be used by default.

Configuring an Endpoint Manager Manually from an Endpoint

7. Click Apply and then Continue once more.

If discovery succeeds, the endpoint’s Management page will show the following information:

 Note: Automatically name and group endpoints

Managing PCoIP Management Console Databases

The PCoIP Management Console maintains a database containing its configuration data,
information about the PCoIP endpoints it has discovered, and console and daemon log files. You
can archive multiple snapshots of these PCoIP Management Console database settings and store
them on your PCoIP Management Console virtual machine. You can also download a stored
archive to a location external to your PCoIP Management Console virtual machine, for instance,
the host PC you use to access the PCoIP Management Console web browser.

You can manage PCoIP Management Console database archives by clicking SETTINGS from the
PCoIP Management Console’s top menu, then clicking the DATABASE menu in the left pane.

Displaying Database Information

The DATABASE MANAGEMENT page enables you to back up, upload, download, restore, and
delete PCoIP Management Console database archives.

The DATABASE MANAGEMENT page

Backing Up PCoIP Management Console Database

To take a snapshot of your current PCoIP Management Console and store it in a database archive within the
PCoIP Management Console virtual machine:

1. From the PCoIP Management Console’s top menu, click SETTINGS.

2. Click DATABASE in the left pane.

3. Click BACK UP.

4. Enter a description and click BACK UP. The archive will appear in the database table when the
backup has completed.

Uploading a Database Archive from an External Location

To upload a database archive from an external location:

1. From the PCoIP Management Console’s top menu, click SETTINGS.

2. Click DATABASE in the left pane.

3. Click UPLOAD.

4. Click Select File, locate the archive file (.archive) and then click Open.

5. Click UPLOAD to transfer the archive file to the PCoIP Management Console virtual machine.
The archive file will appear in the database table when you are finished.

Downloading a Database Archive to an External Location

To download a database archive to an external location:

1. From the PCoIP Management Console’s top menu, click SETTINGS.

2. Click DATABASE in the left pane.

3. From the database table, select the archive file you wish to transfer to a location external to
your PCoIP Management Console virtual machine.

4. Click DOWNLOAD.

Restoring PCoIP Management Console Database

5.Save the file to the desired location.

Typically, this is a directory on the host PC that is running the PCoIP Management Console web
browser.

Restoring PCoIP Management Console Database

 Caution: Take a snapshot of your current virtual machine database before restoring a database archive

Restoring a database archive will permanently delete all current data from the database. Please ensure you have
taken a snapshot of your current PCoIP Management Console virtual machine database before proceeding.

To restore a database archive from the PCoIP Management Console virtual machine:

1. From the PCoIP Management Console’s top menu, click SETTINGS.

2. Click DATABASE in the left pane.

3. From the database table, select the archive file you wish to restore.

4. Click RESTORE.

5. Enable the message prompt and then click RESTORE.

Deleting PCoIP Management Console Database

To delete a database archive from the PCoIP Management Console virtual machine:

1. From the PCoIP Management Console’s top menu, click SETTINGS.

2. Click DATABASE in the left pane.

3. From the database table, select the archive file you wish to delete.

4. Click DELETE.

5. Enable the message prompt and then click DELETE.

Expanding the PCoIP Management Console Virtual Machine Database and Disk Size

Expanding the PCoIP Management Console Virtual Machine

Database and Disk Size
This section provides information on expanding your PCoIP Management Console Virtual Machine
database size and the related disk sizing guidelines.

The basic PCoIP Management Console OVA will create a default configuration as follows:

• Virtual Machine Hardware Version: 10

• CPU: 4 vCPU

• Memory: 12 MB

• Provisioned Storage: 62 GB

 Caution: Modifying virtual machine settings should only be considered by qualified individuals

Only qualified individuals should modify any virtual machine settings. Teradici strongly recommends you perform a
database backup of the PCoIP Management Console and download the archive file to a safe location. You should also
take a snapshot of the virtual machine prior to modifying any settings.

PCoIP Management Console 1 Profile Properties Renamed or Not Migrated

PCoIP Management Console 1 Profile Properties

Renamed or Not Migrated

The following table lists PCoIP Management Console 1 profile properties that have been renamed
PCoIP Management Console Enterprise or Free and are not migrated when you import a PCoIP
Management Console 1 profile to a current release of PCoIP Management Console.

Reference to PCoIP Management Console refer to this release or later releases, unless otherwise
specified.

 Migrating and renaming notes

In the next table, when a PCoIP Management Console 1 property is not migrated, its Migration Notes column will have
an explanation. If this column is blank, then the property only has a name change in the new PCoIP Management
Console. Some properties that are currently not migrated may be included in future PCoIP Management Console
releases.

PCoIP Management Console 1 Profile Information Renamed or Not Migrated

Release 1 Release 1 Current Release Current Release Migration Notes

Category Property Name Category Property Name

Network SNMP NMS Network Trap NMS Not migrated when PCoIP
Configuration Address Address Management Console 1
property Network
Configuration > Enable
SNMP is not Set in Profile or
is set to False

Network Enable SNMP Network SNMP Cold Start Not migrated when PCoIP
Configuration Cold Start Trap Trap Management Console 1
property Network
Configuration > Enable
SNMP is not Set in Profile or
is set to False.

PCoIP Management Console 1 Profile Properties Renamed or Not Migrated

Release 1 Release 1 Current Release Current Release Migration Notes

Category Property Name Category Property Name

Network Enable SNMP Network SNMP V1 Traps Not migrated when PCoIP
Configuration V1 Traps Management Console 1
property Network
Configuration > Enable
SNMP is not Set in Profile or
is set to False.

Network Enable SNMP Network SNMP V2 Traps Not migrated when PCoIP
Configuration V2c Traps Management Console 1
property Network
Configuration > Enable
SNMP is not Set in Profile or
is set to False.

Network SNMP Network SNMP Not migrated when PCoIP

Configuration Community Community Management Console 1
Name Name property Network
Configuration > Enable
SNMP is not Set in Profile or
is set to False.

Network Static Fallback Network Static Fallback Not migrated when PCoIP
Configuration IP Address IPv4 Address Management Console 1
property Network
Configuration> Enable SNMP
is not Set in Profile or is set
to False.

Network Static Fallback Network Static Fallback Not migrated when PCoIP
Configuration Subnet Mask IPv4 Subnet Management Console 1
Mask property Network
Configuration > Enable
SNMP is not Set in Profile or
is set to False.

PCoIP Management Console 1 Profile Properties Renamed or Not Migrated

Release 1 Release 1 Current Release Current Release Migration Notes

Category Property Name Category Property Name

Network Static Fallback Network Static Fallback Not migrated when PCoIP
Configuration Gateway IPv4 Gateway Management Console 1
Address property Network
Configuration > Enable
SNMP is not Set in Profile or
is set to False.

Network Static Fallback Network Static Fallback Not migrated when PCoIP
Configuration Timeout IPv4 Timeout Management Console 1
property Network
Configuration > Enable
SNMP is not Set in Profile or
is set to False.

Discovery PCoIP Never migrated. Not used

Configuration Management in firmware 5.0.0 and
Console DNS- later.
Based
Discovery Prefix

Session PCoIP Session > Session Server URI Not migrated when PCoIP
Configuration Connection Type Management Console 1
Manager Server property Session
Address Configuration > Session
Connection Type is not Set
in Profile or is not set to
one of the following:
• PCoIP Connection Manager
• PCoIP Connection Manager +
Auto-Logon

Session Auto Detect Session > Session Server URI Not migrated when PCoIP
Configuration Server URI Type Management Console 1
property Session
Configuration > Session
Connection Type is not Set
in Profile or is not set to
Auto Detect.

PCoIP Management Console 1 Profile Properties Renamed or Not Migrated

Release 1 Release 1 Current Release Current Release Migration Notes

Category Property Name Category Property Name

Session Auto-Logon Session > Session Logon Username Not migrated when PCoIP
Configuration Username Type Management Console 1
property Session
Configuration > Session
Connection Type is not Set
in Profile or is not set to
one of the following:
• View Connection Server +
Auto-Logon
• PCoIP Connection Manager +
Auto-Logon

Session Auto-Logon Session > Session Logon Password Not migrated when PCoIP
Configuration Password Type Management Console 1
property Session
Configuration > Session
Connection Type is not Set
in Profile or is not set to
one of the following:
• View Connection Server +
Auto-Logon
• PCoIP Connection Manager +
Auto-Logon

Session Auto-Logon Session > Session Logon Domain Not migrated when PCoIP
Configuration Domain Type Name Management Console 1
property Session
Configuration > Session
Connection Type is not Set
in Profile or is not set to
one of the following:
• View Connection Server +
Auto-Logon
• PCoIP Connection Manager +
Auto-Logon

Session Enable View Never migrated. Not used

Configuration Connection in firmware 4.x and later.
Server SSL

PCoIP Management Console 1 Profile Properties Renamed or Not Migrated

Release 1 Release 1 Current Release Current Release Migration Notes

Category Property Name Category Property Name

Session Kiosk Mode Session > Session Username Not migrated when PCoIP
Configuration Custom Type Management Console 1
Username property Session
Configuration > Session
Connection Type is not Set
in Profile or is not set to
View Connection Server +
Kiosk.

Session Kiosk Mode Session > Session Password Not migrated when PCoIP
Configuration Password Type Management Console 1
property Session
Configuration > Session
Connection Type is not Set
in Profile or is not set to
View Connection Server +
Kiosk.

Session Organization ID Never migrated. Currently

Configuration not included in PCoIP
Management Console.

Session OneSign Direct Never migrated. Currently

Configuration to View Address not included in PCoIP
Management Console.

Session Disconnect Session > Session Disconnect

Configuration Dialog Display Type Message Filter
Mode

Session Enable Login Session > Session Remember

Configuration Username Type Username
Caching

Session Prefer GSC-IS Session > Session Prefer GSC-IS

Configuration Over PIV Type
Endpoint

PCoIP Management Console 1 Profile Properties Renamed or Not Migrated

Release 1 Release 1 Current Release Current Release Migration Notes

Category Property Name Category Property Name

Session Proximity Session > Session Pre-Session

Configuration Reader Beep Type Reader Beep
Mode

Encryption Enable Never migrated. Applies

Configuration Salsa20-256- to Tera1 endpoints only.
Round12
Encryption

Encryption Enable Never migrated. Not

Configuration AES-128-GCM configurable in FW 5.0.0
Encryption and later.

Encryption Enable Never migrated. Not

Configuration AES-256-GCM configurable in FW 5.0.0
Encryption and later.

Encryption Session Session > Session Session

Configuration Negotiation Type Negotiation
Security Level Cipher

OSD Hidden Menu Security Hidden OSD

Configuration Entries Menu Entries

Image Low Bandwidth Never migrated. Currently

Configuration Text Codec not included in PCoIP
Mode Management Console.

Image Enable Client Never migrated. Remote

Configuration Image Settings Workstation card
property.

Display Enable Monitor Never migrated. Remote

Configuration Emulation on Workstation card
Video Port 1-4 property.

Display Enable Host Never migrated. Remote

Configuration Hot-Plug Delay Workstation card
property.

PCoIP Management Console 1 Profile Properties Renamed or Not Migrated

Release 1 Release 1 Current Release Current Release Migration Notes

Category Property Name Category Property Name

Display nable Display Session > Display Clone Primary

Configuration Cloning Configuration Display

Display Enable Never migrated. Remote

Configuration Accelerated Workstation card
Monitor property.
Emulation

Time Enable DST Other > Time Daylight Saving

Configuration Time

Time Time Zone Other > Time Time Zone Converted to IANA
Configuration Offset zoneinfo time zone. See
Time Zone Definitions for
PCoIP Management
Console 1 or 2

Security Password Security Local

Configuration Administrative
Password

Security Enable Security Enable Password

Configuration Password Protection for
Protection OSD and AWI

Security Enable 802.1X Security 802.1X Legacy

Configuration Support for Support
Legacy
Switches

Audio Enable Vista/ Never migrated. Remote

Permissions Windows 7 64- Workstation card property
bit Mode

Audio Enable Audio Never migrated. Remote

Permissions Line In Workstation card property

PCoIP Management Console 1 Profile Properties Renamed or Not Migrated

Release 1 Release 1 Current Release Current Release Migration Notes

Category Property Name Category Property Name

Audio Dual Audio Never migrated. Currently

Permissions Output Mode not included in PCoIP
Management Console.

Audio Audio In Device Session > Audio Audio Device

Permissions Type Input Type

Audio Audio In Session > Audio Preferred USB

Permissions Preferred USB Input Vendor ID
Vendor ID

Audio Audio In Session >Audio Preferred USB

Permissions Preferred USB Input Device Product
Device Product ID
ID

Audio Audio Out Session > Audio Audio Device

Permissions Device Type Output Type

Audio Audio Out Session > Audio Preferred USB

Permissions Preferred USB Output Vendor ID
Vendor ID

Audio Audio Out Session / Audio Preferred USB

Permissions Preferred USB Output Device Product
Device Product ID
ID

Power Client Power Power Remote Host

Permissions Button Function Power Control

Power Wake-on-USB Power Wake-on-USB

Permissions Mode

Power Wake-on-LAN Power Wake-on-LAN

Permissions Mode

PCoIP Management Console 1 Profile Properties Renamed or Not Migrated

Release 1 Release 1 Current Release Current Release Migration Notes

Category Property Name Category Property Name

Power Power On After Power Power On After

Permissions Power Loss Power Loss
ModeA

Power Client Power power Auto Power-Off

Permissions Down Timeout Timeout
Seconds

Power Display Power Display Suspend

Permissions Suspend Timeout
Timeout
Seconds

Host Driver Enable Host Never migrated. Remote

Configuration Driver Workstation card
property.

Event Log Enable Never migrated. Not used

Control Diagnostic Log in firmware 5.0.0 and
later.

Event Log Event Log Filter Never migrated. Not used

Control Mode in firmware 5.0.0 and
later.

Event Log Syslog Facility Logging Syslog Facility

Control Number

Event Log Enhanced Logging Enhanced Not migrated when PCoIP

Control Logging Mode Logging Mode Management Console 1 is
Mask configured to Enhanced
logging disabled.

Peripheral Enable USB Peripheral EHCI

Configuration EHCI

Peripheral Force Local Peripheral Force Local Migrated in MC 3.2

Configuration Cursor Visible Cursor Visibility

PCoIP Management Console 1 Profile Properties Renamed or Not Migrated

Release 1 Release 1 Current Release Current Release Migration Notes

Category Property Name Category Property Name

Peripheral Devices Forced Migrated in MC 3.2. This

to USB 1.1 feature is available in
firmware 5.0+

IPv6 IPv6 Domain Network IPv6 Domain Not migrated when PCoIP
Configuration Name Name Management Console 1
property IPv6 Configuration
> Enable IPv6 is not Set in
Profile or is set to False

IPv6 Enable DHCPv6 Network DHCPv6 Not migrated when PCoIP

Configuration Management Console 1
property IPv6 Configuration
> Enable IPv6 is not Set in
Profile or is set to False

IPv6 Enable SLAAC Network SLAAC Not migrated when PCoIP

Configuration Management Console 1
property IPv6 Configuration
> Enable IPv6 is not Set in
Profile or is set to False

IPv6 IPv6 Gateway IPv6 Gateway Network IPv6 Gateway

Configuration Address Address Prefix
Length

IPv6 IPv6 Primary IPv6 Primary DNS Network Primary IPv6 DNS
Configuration DNS Address Address Prefix
Length

IPv6 IPv6 Secondary IPv6 Secondary Network Secondary IPv6 DNS

Configuration DNS Address DNS Address
Prefix Length

SCEP SCEP Server Never migrated. Currently

Configuration URI not included in PCoIP
Management Console

PCoIP Management Console 1 Profile Properties Renamed or Not Migrated

Release 1 Release 1 Current Release Current Release Migration Notes

Category Property Name Category Property Name

SCEP Challenge Never migrated. Currently

Configuration Password not included in PCoIP
Management Console

SCEP Use Certificate Never migrated. Currently

Configuration for 802.1X not included in PCoIP
Management Console

Display Preferred Session > Display Preferred Not migrated when PCoIP
Configuration Override Configuration: Resolution Management Console 1
Resolution on Video Port 1-4 property Preferred
Port 1-4 Resolution is set to Native

Display Display Layout Session > Display Display Layout Not migrated when PCoIP
Topology Alignment Configuration: Alignment Management Console 1
Configuration Dual/Quad Display property Display Topology
(Dual and Topology Configuration > Enable
Quad) Configuration is not Set in
Profile or is set to False

Display Primary Port Session > Display Primary Port Not migrated when PCoIP
Topology Configuration: Management Console 1
Configuration Dual/Quad Display property Display Topology
(Dual and Topology Configuration > Enable
Quad) Configuration is not Set in
Profile or is set to False

Display Position Session > Display Position Not migrated when PCoIP
Topology Configuration: Management Console 1
Configuration Dual/Quad Display property Display Topology
(Dual and Topology Configuration > Enable
Quad) Configuration is not Set in
Profile or is set to False

PCoIP Management Console 1 Profile Properties Renamed or Not Migrated

Release 1 Release 1 Current Release Current Release Migration Notes

Category Property Name Category Property Name

Display Rotation Session > Display Rotation Not migrated when PCoIP
Topology Configuration: Management Console 1
Configuration Dual/Quad Display property Display Topology
(Dual and Topology Configuration > Enable
Quad) Configuration is not Set in
Profile or is set to False

Display Resolution Session > Display Resolution Not migrated when PCoIP
Topology Configuration: Management Console 1
Configuration Dual/Quad Display property Display Topology
(Dual and Topology Configuration > Enable
Quad) Configuration is not Set in
Profile or is set to False

Profile OSD Other > OSD OSD Logo Never migrated

Logo

Profile Software Firmware Version

Firmware

Image Low Bandwidth Image Enable Low Migrated value applicable

Configuration Text Codec Bandwidth Text only for DUAL Client
Mode Codec device

Image Enable Client Image Use Client Image Migrated value applies to
Configuration Image Settings Settings Host (DUAL and QUAD)
device only

PCoIP Management Console 1 Profile Properties Renamed or Not Migrated

Release 1 Release 1 Current Release Current Release Migration Notes

Category Property Name Category Property Name

Display Enable Monitor Session Monitor Migrated values apply to

Configuration Emulation on Emulation: Video Host device only. Values
Video Port 1-4 Port 1 of port 3 and 4 are
Monitor ignored for DUAL type
Emulation: Video
Port 2
Monitor
Emulation: Video
Port 3
Monitor
Emulation: Video
Port 4

Display Enable Host Session Host Hot- Migrated value

Configuration Hot-Plug Delay Plug Delay applies to Host
(DUAL and
QUAD) device
only

Display Enable Display Session > Monitor Clone Primary Applies to Client DUAL
Configuration Cloning Emulation Display devices only

Display Enable Session > Monitor Accelerated Migrated value applies to

Configuration Accelerated Emulation Monitor Host (DUAL and QUAD)
Monitor Emulation device only
Emulation

Audio Enable Vista/ Never migrated. Applied

Permissions Windows 7 64- to Tera1 devices
bit Mode

Audio Enable Audio Session > Audio Audio Line In

Permissions Line In

Audio Audio In Device Session > Audio Audio Device Migrated value applies to
Permissions Type Input Type Client (DUAL and QUAD)
device only

PCoIP Management Console 1 Profile Properties Renamed or Not Migrated

Release 1 Release 1 Current Release Current Release Migration Notes

Category Property Name Category Property Name

Audio Audio In Session > Audio Preferred USB Migrated value applies to
Permissions Preferred USB Input Vendor ID Client (DUAL and QUAD)
Vendor ID device only

Audio Audio In Session > Audio Preferred USB Migrated value applies to
Permissions Preferred USB Input Device Product Client (DUAL and QUAD)
Device Product ID device only
ID

Audio Audio Out Session > Audio Audio Device Migrated value applies to
Permissions Device Type Output Type Client (DUAL and QUAD)
device only

Audio Audio Out Session > Audio Preferred USB Migrated value applies to
Permissions Preferred USB Output Vendor ID Client (DUAL and QUAD)
Vendor ID device only

Audio Audio Out Session > Audio Preferred USB Migrated value applies to
Permissions Preferred USB Output Device Product Client (DUAL and QUAD)
Device Product ID device only
ID

Power Client Power Power Remote Host Migrated value applies to

Permissions Button Function Power Control Client (DUAL and QUAD)
device only
Only the following values
from MC1 are migrated, e
rest are no longer
supported in MC 3

The user can only invoke

a hard power off

The user cannot invoke

any power off

Power Wake-on-LAN Power Wake-on-LAN Migrated value applies to

Permissions Mode Host (DUAL and QUAD)
device only

PCoIP Management Console 1 Profile Properties Renamed or Not Migrated

Release 1 Release 1 Current Release Current Release Migration Notes

Category Property Name Category Property Name

Power Power On After Power Power On After Migrated value applies to

Permissions Power Loss Power Loss Client (DUAL and QUAD)
Mode device only

Power Client Power Power Auto Power-Off Migrated value applies to

Permissions Down Timeout Timeout Client (DUAL and QUAD)
Seconds device only

Power Display Power Display Suspend Migrated value applies to

Permissions Suspend Timeout Client (DUAL and QUAD)
Timeout device only
Seconds

Host Driver Enable Host Host Driver Host Driver Migrated value applies to
Configuration Driver Host (DUAL and QUAD)
device only

Peripheral Enable USB Peripheral EHCI Migrated value applies to

Configuration EHCI Client (DUAL and QUAD)
device only

SCEP SCEP Server Never Migrated. Included

Configuration URI under ENDPOINT
CERTIFICATES IN mc 3.1

SCEP Challenge Never Migrated. Included

Configuration Password under ENDPOINT
CERTIFICATES IN mc 3.1

SCEP Use Certificate Never Migrated. Included

Configuration for 802.1X under ENDPOINT
CERTIFICATES IN mc 3.1

PCoIP Management Console 1 Profile Properties Renamed or Not Migrated

Release 1 Release 1 Current Release Current Release Migration Notes

Category Property Name Category Property Name

Display Primary Port "Session > Position "Not migrated when

Topology Monitor PCoIP Management
Configuration emulation: Quad Console 1 property Display
(Dual and Display Session > Topology Configuration >
Quad) Monitor Emulation Enable Configuration is not
Dual Display" Set in Profile or is set to
False.
Migrated value applies to
Client (DUAL and QUAD)
device only"

Display Rotation "Session > Rotation "Not migrated when

Topology Monitor PCoIP Management
Configuration emulation: Quad Console 1 property
(Dual and Display Session > ''Display Topology
Quad) Monitor Emulation Configuration > Enable
Dual Display" Configuration** is not Set
in Profile or is set to False.
Migrated value applies to
Client device only. Values
for Prot 3 and 4 ignored
for DUAL display"

Display Resolution "Session > Resolution "Not migrated when

Topology Monitor PCoIP Management
Configuration emulation: Quad Console 1 property
(Dual and Display Session > Display Topology
Quad) Monitor Emulation Configuration > Enable
Dual Display" Configuration is not Set in
Profile or is set to False.
Migrated value applies to
Client device only. Values
for Prot 3 and 4 ignored
for DUAL display

Profile Software Never migrated. All

Firmware migrated profiles are
assigned to appropriate
Zero client or Hard Host
firmware

PCoIP Management Console 1 Profile Properties Renamed or Not Migrated

In addition to the previous table, the following table lists properties that are also not migrated
when you import a PCoIP Management Console 1 profile, because they are not managed by the
PCoIP Management Console newer releases.

Zero Client Properties Not Managed by the PCoIP Management Console

Firmware Property Firmware Description

Version

Prefer IPv6 FQDN 4.8.0 Not managed by PCoIP Management Console 1.x or later releases of
Resolution PCoIP Management Console

IPv6 Address 4.8.0 Not managed by PCoIP Management Console 1.x or later releases of
Resolution PCoIP Management Console

OSD Region Tab 5.0.0 Never managed by PCoIP Management Console 1.x
Lockout

Time Zone Definitions for PCoIP Management Console 1 or later releases

Time Zone Definitions for PCoIP Management

Console 1 or later releases

Reference to PCoIP Management Console refer to releases 2.0 or later, unless otherwise specified.

The PCoIP Management Console web interface uses Internet Assigned Numbers Authority (IANA)
time zone definitions to let users configure the PCoIP Management Console web interface in their
local time. The following table shows how the profile import script converts the PCoIP
Management Console 1 time zones to PCoIP Management Console IANA time zones.

 Note: Endpoints use IANA time zone definitions as of zero point firmware 5.0.0

As of firmware 5.0.0, Tera2 PCoIP Zero Client endpoints also use IANA time zone definitions for setting the endpoint’s
local time. If endpoints are downgraded from firmware 5.0 or later to a version older than 5.0.0, the older Windows
time zones will be used, and the endpoint’s local time setting will revert to (GMT) Greenwich Mean Time: Dublin,
Edinburgh, Lisbon, London. To reset the local time, you can use PCoIP Management Console 1.x to configure a group
of endpoints, or you can use an individual endpoint’s AWI to manually configure its local time.

 Note: Time zone selection/setting in PCoIP Management Console display offset as standard time

Time zone selection on Profile > Edit > OTHER and Settings > USERS > Edit pages show offsets with respect to
'Standard Time' only (not the 'Daylight Savings Time').

PCoIP Management Console 1 and PCoIP Management Console Time Zone Definitions

PCoIP Management Console 1 Time Zone Definition PCoIP Management Console Time Zone Definition

gmt_minus_1200_international_date_line_west Asia/Anadyr

gmt_minus_1100_midway_island Pacific/Midway

gmt_minus_1000_hawaii Pacific/Honolulu

gmt_minus_0900_alaska America/Anchorage

Time Zone Definitions for PCoIP Management Console 1 or later releases

PCoIP Management Console 1 Time Zone Definition PCoIP Management Console Time Zone Definition

gmt_minus_0800_pacific_time America/Vancouver

gmt_minus_0800_tijuana America/Tijuana

gmt_minus_0700_arizona America/Phoenix

gmt_minus_0700_chihuahua_new America/Chihuahua

gmt_minus_0700_chihuahua_old America/Chihuahua

gmt_minus_0700_mountain_time America/Denver

gmt_minus_0600_central_america America/Costa_Rica

gmt_minus_0600_central_time America/Chicago

gmt_minus_0600_guadalajara_new America/Mexico_City

gmt_minus_0600_guadalajara_old America/Mexico_City

gmt_minus_0600_saskatchewan America/Regina

gmt_minus_0500_bogota America/Bogota

gmt_minus_0500_eastern_time America/New_York

gmt_minus_0500_indiana America/Indiana/Indianapolis

gmt_minus_0430_caracas America/Caracas

gmt_minus_0400_atlantic_time Atlantic/Bermuda

gmt_minus_0400_la_paz America/La_Paz

gmt_minus_0400_manaus America/Manaus

gmt_minus_0400_santiago America/Santiago

Time Zone Definitions for PCoIP Management Console 1 or later releases

PCoIP Management Console 1 Time Zone Definition PCoIP Management Console Time Zone Definition

gmt_minus_0330_newfoundland America/St_Johns

gmt_minus_0300_brasilia America/Sao_Paulo

gmt_minus_0300_buenos_aires America/Argentina/Buenos_Aires

gmt_minus_0300_greenland America/Godthab

gmt_minus_0300_montevideo America/Montevideo

gmt_minus_0200_mid_atlantic Atlantic/South_Georgia

gmt_minus_0100_azores Atlantic/Azores

gmt_minus_0100_cape_verde_is Atlantic/Cape_Verde

gmt_plus_0000_casablanca Africa/Casablanca

gmt_plus_0000_greenwich_mean_time Europe/London

gmt_plus_0100_amsterdam Europe/Amsterdam

gmt_plus_0100_belgrade Europe/Belgrade

gmt_plus_0100_brussels Europe/Brussels

gmt_plus_0100_sarajevo Europe/Sarajevo

gmt_plus_0100_west_central_africa Africa/Lagos

gmt_plus_0100_windhoek Africa/Windhoek

gmt_plus_0200_amman Asia/Amman

gmt_plus_0200_athens Europe/Athens

gmt_plus_0200_beirut Asia/Beirut

Time Zone Definitions for PCoIP Management Console 1 or later releases

PCoIP Management Console 1 Time Zone Definition PCoIP Management Console Time Zone Definition

gmt_plus_0200_cairo Africa/Cairo

gmt_plus_0200_harare Africa/Harare

gmt_plus_0200_helsinki Europe/Helsinki

gmt_plus_0200_jerusalem Asia/Jerusalem

gmt_plus_0200_minsk Europe/Minsk

gmt_plus_0300_baghdad Asia/Baghdad

gmt_plus_0300_kuwait Asia/Kuwait

gmt_plus_0300_moscow Europe/Moscow

gmt_plus_0300_nairobi Africa/Nairobi

gmt_plus_0330_tehran Asia/Tehran

gmt_plus_0400_abu_dhabi Asia/Dubai

gmt_plus_0400_baku Asia/Baku

gmt_plus_0400_caucasus_standard_time Asia/Yerevan

gmt_plus_0400_yerevan Asia/Yerevan

gmt_plus_0430_kabul Asia/Kabul

gmt_plus_0500_ekaterinburg Asia/Yekaterinburg

gmt_plus_0500_islamabad Asia/Karachi

gmt_plus_0530_chennai Asia/Kolkata

gmt_plus_0530_sri_jayawardenepura Asia/Colombo

Time Zone Definitions for PCoIP Management Console 1 or later releases

PCoIP Management Console 1 Time Zone Definition PCoIP Management Console Time Zone Definition

gmt_plus_0545_kathmandu Asia/Kathmandu

gmt_plus_0600_almaty Asia/Almaty

gmt_plus_0600_astana Asia/Almaty

gmt_plus_0630_yangon Asia/Rangoon

gmt_plus_0700_bangkok Asia/Bangkok

gmt_plus_0700_krasnoyarsk Asia/Krasnoyarsk

gmt_plus_0800_beijing Asia/Hong_Kong

gmt_plus_0800_irkutsk Asia/Chita

gmt_plus_0800_kuala_lumpur Asia/Kuala_Lumpur

gmt_plus_0800_perth Australia/Perth

gmt_plus_0800_taipei Asia/Taipei

gmt_plus_0900_osaka Asia/Tokyo

gmt_plus_0900_seoul Asia/Seoul

gmt_plus_0900_yakutsk Asia/Yakutsk

gmt_plus_0930_adelaide Australia/Adelaide

gmt_plus_0930_darwin Australia/Darwin

gmt_plus_1000_brisbane Australia/Brisbane

gmt_plus_1000_canberra Australia/Sydney

gmt_plus_1000_guam Pacific/Guam

Time Zone Definitions for PCoIP Management Console 1 or later releases

PCoIP Management Console 1 Time Zone Definition PCoIP Management Console Time Zone Definition

gmt_plus_1000_hobart Australia/Hobart

gmt_plus_1000_vladivostok Asia/Vladivostok

gmt_plus_1100_magadan Asia/Magadan

gmt_plus_1200_auckland Pacific/Auckland

gmt_plus_1200_fiji Pacific/Fiji

gmt_plus_1300_nukualofa Pacific/Tongatapu

Expanding the PCoIP Management Console Disk Size

Expanding the PCoIP Management Console Disk

Size

The following steps are required to expand the vdisk of the PCoIP Management Console.

 Caution: Modifying virtual machine settings should only be considered by qualified individuals

Modifying any virtual machine settings should only be considered by qualified individuals. Teradici strongly
recommends you do a db backup of the PCoIP Management Console and download the archive file to a safe location.
You should also take a snapshot of the virtual machine prior to modifying any settings.

To expand your PCoIP Management Console disk size:

1. Check the current disk size from the command prompt:

df --total
This will display the space used by each volume in /dev/mapper/vg_main-lv_root.

2. Ensure you have allocated enough disk space.

3. From vSphere, select the virtual machine to be modified and power it down.

4. Determine the increased disk size.

5. Edit the virtual machine settings to increase the vDisk and the vRAM. To do this, run sudo
fdisk /dev/sda and follow these steps in order:

a. You may get a Warning about DOS-compatible mode being deprecated. Type C to switch
off DOS-compatible mode. Type U to change display units to sectors.

b. Press P to print the partition table to identify the number of partitions. By default, there
are 2: sda1 and sda2.

c. Press N to create a new primary partition.

d. Press P for primary.

e. Press 3 for the partition number, depending on the output of the partition table print.

f. Press Enter two times.

g. Press T to change the system's partition ID.

h. Press 3 to select the newly creation partition.

Expanding the PCoIP Management Console Disk Size

i. Type 8e to change the Hex Code of the partition for Linux LVM.

j. Press W to write the changes to the partition table.

6. Run sudo init 6 to restart the virtual machine.

7. When the virtual machine restarts, run the following commands in order:

a. sudo pvcreate /dev/sda3 (This should create the physical volume /dev/sda3).

b. sudo vgextend vg_main /dev/sda3 (This will extend the Volume Group VG_Main).

c. sudo vgdisplay (This will display information about the Volume Group. Make note of the
Free PE / Size. The first number is the number of free extents and will be used in the
following command).

d. sudo lvextend -l 511 /dev/mapper/vg_main-lv_root (You will get a message telling

you the volume has been extended from 8.31GB to 15.97GB / 511 extents).

e. sudo resize2fs /dev/mapper/vg_main-lv_root (This will resize the partition).

f. sudo init 6 (this will restart the virtual machine).

8. Power the virtual machine back on.

 Note: Extending logical volume in Linux

For information on how to extend logical volume in a virtual machine running RedHat or CentOS, see http://
kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006371.

Using your Virtual Machine Console to Administer Licenses when Connected to the Internet

Using your Virtual Machine Console to Administer

Licenses when Connected to the Internet

 Info: Virtual machine console

The use of the vm console is required for license management on PCoIP Management Console releases 2.0 to 3.0.
From MC 3.1 onwards, a UI is present for managing licenses when connected to the internet.

Activating Licenses

Using your virtual machine console to activate your PCoIP Management Console Enterprise license:

1. Connect to your PCoIP Management Console virtual machine console and log in using the
admin account and password. See Logging in to the PCoIP Management Console OVA Virtual
Machine Console.

2. Run the following command:

/opt/teradici/licensing/mc_activate_lic.sh -k <entitlementID>
where entitlementID is the activation key you received via email.
Example:
/opt/teradici/licensing/mc_activate_lic.sh -k 1234-5678-90AB-CDEF

Using your virtual machine console to activate your PCoIP Management Console Enterprise license from
behind a proxy server:

 Info: Proxy parameter

Activating PCoIP Management Console Enterprise license when the PCoIP Management Console is located behind a
proxy server requires appending the -p parameter that defines the proxy parameters.

1. Connect to your PCoIP Management Console virtual machine console and log in using the
admin account and password.

Viewing Installed Licenses

2. Run the following command:

/opt/teradici/licensing/mc_activate_lic.sh -k <entitlementID> -p
[<user:password>@] <proxyhost:port>

where:
<entitlementID. is the activation key you received via email.
[<user:password>] is optional. If >user is provided, password must also be provided.
<proxyhost:port> is the IP address and port number of your proxy server.

Examples:

• If the proxy requires a user name and password:

/opt/teradici/licensing/mc_activate_lic.sh -k 1234-5678-90AB-CDEF -p
bob:bobpasswd@192.168.45.23:3128

• If the proxy does not require a user name and password:

/opt/teradici/licensing/mc_activate_lic.sh -k 1234-5678-90AB-CDEF -p
192.168.45.23:3128

Viewing Installed Licenses

Once your license is activated, its information is stored on the PCoIP Management Console virtual
machine.

You can view the installed licenses via the command prompt on the vm console.

View installed licenses via the command prompt:

1. Connect to your PCoIP Management Console virtual machine console and log in using the
admin account and password. See Logging in to the PCoIP Management Console OVA Virtual
Machine Console.

2. Run the following command:

/opt/teradici/licensing/mc_view_lic.sh

Deactivating Licenses

The script will output the following information:

• Fulfillment ID: XXXXXXXX: An ID assigned to a license after it is activated. This ID is required if

you deactivate the license. The fulfillment ID will be different each time you reactivate a
license after it has been deactivated.

• Entitlement ID: XXXX-XXXX-XXXX-XXXX: The license key you received via email that you use to
activate your license.

• Expiration date: DD-MMM-YYYY: The day, month, and year your license expires.

 Note: Deactivating license reverts PCoIP Management Console to PCoIP Management Console Free

PCoIP Management Console will run in Free mode when all its licenses are deactivated.

!!! warning "Warning: Internet Access Required" When deactivating a license, an internet connection
to the licensing server is required unless the offline license activation steps are used.

Deactivating Your PCoIP Management Console License

Using your virtual machine console to deactivate PCoIP Management Console Enterprise license:

1. Connect to your PCoIP Management Console console and log in using the admin account and
password.

2. Run the following command:

/opt/teradici/licensing/mc_return_lic.sh -f <fulfillment_ID>

where <fulfillment_ID> is the ID assigned to the license after it was activated.

Example:
/opt/teradici/licensing/mc_return_lic.sh -f 12345678

Deactivating Your PCoIP Management Console License

 Note: Finding fulfillment ID

To find your fulfillment ID, see Viewing Installed Licenses.

To deactivate your PCoIP Management Console Enterprise license when the PCoIP Management Console is
located behind a proxy server:

1. Connect to your PCoIP Management Console Enterprise virtual machine console and log in
using the admin account and password. See Logging in to the PCoIP Management Console
OVA Virtual Machine Console.

2. Run the following command:

/opt/teradici/licensing/mc_return_lic.sh -f <fulfillmentId> -p
[<user:password>@] proxyhost:port>

where:
<fulfillmentID> is the ID assigned to the license after it was activated.
[<user:password>] is optional. If user is provided, password must also be provided.
<proxyhost:port> is the IP address and port number of your proxy server.

Example:

• If the proxy requires a user name and password:

/opt/teradici/licensing/mc_return_lic.sh -f 12345678 -p
bob:bobpasswd@192.168.45.23:3128

• If the proxy does not require a user name and password:

/opt/teradici/licensing/mc_return_lic.sh -f 12345678 -p 192.168.45.23:3128

HTTP Strict Transport Security

HTTP Strict Transport Security (HSTS) is a policy that helps protect web server appliances against
unwanted access. It allows only trusted connections with browsers using HTTPS. When HSTS is
enabled, it informs a web browser that has previously visited a site to only use HTTPS
connections. Web browsers that have never connected to the site may use HTTP for the initial
connection. HSTS is an IETF standards track protocol and specified in RFC 6797.

 Warning: Not all browsers will react the same way. Ensure you thoroughly test using all browsers you intend
to use

Some web browsers may terminate the connection to the web server and prevent access to the PCoIP Management
Console if the security of the connection cannot be verified. Therefor it is important to have a properly created and
trusted certificate installed into the Management Console and the ability for the web browser to be able to verify the
authenticity of that certificate.

HSTS can be enabled on the PCoIP Management Console by editing the mc-external-config.yml file.
It also requires a proper certificate be loaded on the PCoIP Management Console. For more
information on configuring HSTS and how it works please review RFC 6797.

The certificate requirements are determined by the browser you are using. See browser
documentation for requirements. Requirements include the following and can change at anytime:

• SHA 256 is the minimum signature algorithm

• CA signed (can not be a self signed certificate)

• Subject Alternative Name (Chrome requirement)

To enable HSTS and configure the timeout setting:

1. Accessing the PCoIP Management Console Virtual Machine Consol

2. SSH to the PCoIP Management Console virtual machine console.

3. Log in as administrator and enter the command sudo su .

4. Change to the following directory:

/opt/teradici/console/config/

HTTP Strict Transport Security

5. Edit the mc-external-config.yml file to activate HSTS and set the time out by:

a. Uncommenting (remove # symbol) from the jetty, port, hsts, enabledHSTS and stsMaxAge
from the following lines:

#jetty:
# port: 8080
# sendServerVersion: false
# hsts:
# enableHSTS: false
# stsMaxAge: 31536000
# traceEnabled: false
# optionsEnabled: false

b. Editing the enableHSTS value to true.

enableHSTS: true

c. Editing the stsMaxAge value to the desired time out in seconds.

stsMaxAge: 31536000
!!! note "stsMaxAge" is configurable from the default of -1 to one year (31536000 seconds)
and defines how long the web browser should cache the HSTS policy against the server.
Your edited lines should look like the following:

jetty:
port: 8080
# sendServerVersion: false
hsts:
enableHSTS: true
stsMaxAge: 31536000
# traceEnabled: false
# optionsEnabled: false

6. Save your edits to mc-external-config.yml.

7. Restart the Management Console console service.

sudo service mcconsole restart

 Tip: Is HSTS enabled?

To confirm if HSTS is enabled, run

curl -k -s -vv https://<PCoIP Management Console ip address>/login/auth | grep Strict
and look at any HTTP response from the server. If enabled, the header will display the max age.

Chrony NTP Configuration

By default, the Management Console RPM based on CentOS uses chrony as the NTP client in
which there are default references to public NTP servers. To configure chrony to not communicate
with external time servers and adhere to your companies security policy, consider the following
actions:

1. Refer to your Security policy to ensure your NTP configuration complies to set standards.
Considerations should include:

• Confirming if your companies DNS server provides an NTP sever or server pool.

• Remove public server pools from chrony.conf

• Add your own public server pool to chrony.conf

• Disabling chrony

2. Review the current Management Console chrony configuration by entering the chronyc
sources -v command from the Management Console's console to provide a verbose listing
of NTP servers chrony is syncing too.

3. Consider using internal NTP servers authorized by your companies security policy by editing
the /etc/chrony.conf file.

Example

We have provided the following example of viewing and editing an NTP configuration. In this
example the default ntp servers are commented out and replaced by another NTP server.

1. Check the currently used NTP servers using chronyc sources -v .

[kono@localhost etc]$ chronyc sources -v

210 Number of sources = 6

Chrony NTP Configuration

|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* ip225.ip-54-39-173.net 2 10 377 652 +4224us[+4594us] +/-
35ms
^+ k8s-w02.tblflp.zone 2 9 373 147 -12ms[ -12ms] +/-
73ms
^- ntp2.torix.ca 2 9 377 113 +1082us[+1082us] +/-
538ms
^- dns2.switch.ca 3 9 377 95 +750us[ +750us] +/-
532ms
^- DC01.tera.local 3 6 377 48 -1332us[-1332us] +/- 98ms
^- DC02.tera.local 4 6 377 45 -1014us[-1014us] +/- 135ms
[kono@localhost etc]$

2. Edit the chrony.conf file to change the referenced NTP servers using the
sudo vi chrony.conf command. In this example, the public tick.usask.ca and internal
192.168.1.50 NTP servers are added. The iburst option speeds up the first synchronization
and the prefer option advises chrony which NTP server you want to use if available.

[kono@localhost etc]$ sudo vi chrony.conf

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).

server tick.usask.ca iburst prefer

server 192.168.1.50 iburst
# server 0.centos.pool.ntp.org iburst
# server 1.centos.pool.ntp.org iburst
# server 2.centos.pool.ntp.org iburst
# server 3.centos.pool.ntp.org iburst

# Record the rate at which the system clock gains/losses time.

driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates

# if its offset is larger than 1 second.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).

rtcsync

# Enable hardware timestamping on all interfaces that support it.

#hwtimestamp *

# Increase the minimum number of selectable sources required to adjust

# the system clock.

Chrony NTP Configuration

#minsources 2

# Allow NTP client access from local network.

#allow 192.168.0.0/16

# Serve time even if not synchronized to a time source.

#local stratum 10

# Specify file containing keys for NTP authentication.

#keyfile /etc/chrony.keys

# Specify directory for log files.

logdir /var/log/chrony

# Select which information is logged.

#log measurements statistics tracking

3. Restart chrony for the changes to take effect using the command sudo systemctl restart
chronyd .

[kono@localhost etc]$ sudo systemctl restart chronyd

==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to manage system services or units.
Authenticating as: kono
Password:
==== AUTHENTICATION COMPLETE ===
[kono@localhost etc]$

4. Confirm the new configuration of the chrony.conf file.

[kono@localhost etc]$ chronyc sources -v

210 Number of sources = 4

.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^- stervandc01a.teradici.lo> 3 6 17 4 -1183us[-1219us] +/-
104ms
^* time.usask.ca 1 6 17 3 -12us[ -48us] +/-

Disabling the Chrony

15ms
^- GSSDC01.terase.local 3 6 17 3 -4130us[-4130us] +/-
132ms
^- GSSDC02.terase.local 4 6 17 3 -3260us[-3260us] +/-
166ms
[kono@localhost etc]$

5. View status in real time using the command watch chronyc tracking

[kono@localhost etc]$ watch chronyc tracking

Every 2.0s: chronyc tracking

Reference ID : 80E99AF5 (time.usask.ca)

Stratum : 2
Ref time (UTC) : Fri Mar 22 15:50:33 2019
System time : 0.000050575 seconds slow of NTP time
Last offset : -0.000054492 seconds
RMS offset : 0.000197914 seconds
Frequency : 35.545 ppm slow
Residual freq : -0.001 ppm
Skew : 0.082 ppm
Root delay : 0.029674415 seconds
Root dispersion : 0.000992690 seconds
Update interval : 2078.7 seconds
Leap status : Normal

Disabling the Chrony

If required, disable chrony by issuing the following commands:

1. sudo systemctl stop chronyd to stop the chronyd service

2. sudo systemctl disable chronyd to disable the chrony service.

Issue the systemctl status chronyd command to confirm chrony is disabled.

SSH Security Considerations

The following SSH configuration considerations will help secure the Management Consoles
underlying OS SSH package. Thorough knowlegde of using Linux commands is assumed.

These considerations are based on the CentOS wiki which contain addtional configurations and
can be found at https://wiki.centos.org/HowTos/Network/SecuringSSH.

The following configurations are separated individually but you can make all these changes at
once if you decide that all these configurations conform to your IT departments security policy.

Disable Root Login

1. Edit /etc/ssh/sshd_config

# Prevent root logins:

PermitRootLogin no

2. Restart SSH

$ sudo service sshd restart

Limit User Logins

1. Edit /etc/ssh/sshd_config

# Limit User Logins to the following

AllowUsers admin

2. Restart SSH

$ sudo service sshd restart

Disable SSH Protocol 1

1. Edit /etc/ssh/sshd_config

# Protocol 2,1Protocol 2

2. Restart SSH

$ sudo service sshd restart

Use Public/Private Keys for authentication and disable

Password Authentication
1. Generate public and private certificate.

$ ssh-keygen -t rsa

a. Either specify a file name or accept the default.

b. If you want to be asked for a password everytime you connect, supply a passphrase.

c. A private (id_rsa by default) and a public key (id_rsa.pub by default) will be created in the
~/.ssh directory.

2. In the Management Console, ssh as admin and copy the public key in the ~/.ssh folder. You
may need to create the ~/.ssh folder.

3. Install the public key into the authorized_keys list:

$ cat id_rsa.pub >> ~/.ssh/authorized_keys

4. Set permissions on the .ssh directory and authorized_keys file

$ chmod 700 ~/.ssh

$ chmod 600 ~/.ssh/authorized_keys

5. Enable SSH public key authentication

a. Edit /etc/ssh/sshd_config

#Enable Public Key authentication

PubkeyAuthentication yes

b. Restart SSH

Use Public/Private Keys for authentication and disable Password Authentication

$ sudo service sshd restart

6. In the workstation where you will run the ssh client, copy the private key in the ~/.ssh folder.
Set the permissions as follows:

```
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/id_rsa
```

7. Test the SSH connection using public/private keys by using SSH to connect to your VM from a
different VM where you have copied your generated SSH key

$ ssh admin@your_mc_ip_or_fqdn -i ~/.ssh/id_rsa

8. Disable password authentication.

a. Edit /etc/ssh/sshd_config

# Disable password authentication forcing use of keys:

PasswordAuthentication no

b. Restart SSH

$ sudo service sshd restart

AMI Downloads by Region

List of PCoIP Management Console 19.11.2 AMI downloads by regions hosted in Amazon.

Region AMI ID Location/City

ap-northeast-1 ami-0483e70f15c4a6d56 Tokyo

ap-northeast-2 ami-099f63f0d0f9d8e7c Seoul

ap-south-1 ami-05116adef6edff87c Mumbai

ap-southeast-1 ami-0e6287ac201187c1a Singapore

ap-southeast-2 ami-0e78359d7de3ca818 Sydney

ca-central-1 ami-02f9a48dc44c8405b Canada

eu-central-1 ami-09b22bc9d37573539 Frankfurt

eu-north-1 ami-062a58b617b2ad9ef Stockholm

eu-west-1 ami-0ecc3e7b12f1f8544 Ireland

eu-west-2 ami-0556957791e2b1abb London

eu-west-3 ami-09f710fdf729fc4a3 Paris

sa-east-1 ami-05f2f44f242f74ca7 Sao Paulo

us-east-1 ami-09f9e9b2fe4d6b1c5 N. Virginia

us-east-2 ami-0e883675ed5382678 Ohio

us-west-1 ami-0e763452bee74cb52 N. California

us-west-2 ami-0e3af41d152d4112f Oregon

Troubleshooting

The troubleshooting section of this guide allows users to easily find the topics and links that are
required for various aspects of troubleshooting your PCoIP Management Console.

• The PCoIP Management Console records logs of its activity on a rotational basis. Logs also
have two levels which can be set depending on how much details is required to solve an issue.
For further information, see Managing PCoIP Management Console Logs.

Troubleshooting Endpoints in Recovery Mode

Recovery mode is a special version of the zero client firmware that takes effect when the client
experiences a problem that renders it unable to operate. Recovery mode automatically becomes
active under the following conditions:

• A firmware update fails.

• he client has an invalid configuration.

• The client has been unable to complete its boot sequence after a number of attempts.

This mode lets you correct the configuration, or upload a replacement firmware or certificate file.
You can do this directly from a client’s AWI or you can use a PCoIP Management Console profile to
correct the problem.

Locating Endpoints in Recovery Mode

 Note: Recovery mode is only available for Tera2 PCoIP Zero Clients

Recovery mode is not available on remote workstation cards.

If you have an endpoint in recovery mode, make a note of its firmware version number. You can
then locate all endpoints in recovery mode from the PCoIP Management Console ENDPOINTS
page by creating a filter to display endpoints running this firmware version.

The following example creates a filter for firmware version earlier than 5.0.0.

Recovery Mode Causes and Solutions

Filter criterion for finding endpoints in recovery mode

Recovery Mode Causes and Solutions

The following problems can cause an endpoint to be in recovery mode:

• The client may have been forced into recovery mode by a user repeatedly tapping the power
button when turning on the endpoint. If so, rebooting (resetting) the zero client may return it to
the main firmware.

• If the client does not load the main firmware but boots into the recovery image immediately
when powered up, then it is likely that a firmware upload operation was interrupted and the
client does not contain a valid firmware image. Apply a profile to upload a new firmware image
to the zero client and reboot the client to return to working firmware.

• If the zero client attempts to boot to the main firmware images a few times (the splash screen
is displayed for a bit) but eventually switches to the recovery image, then it is likely that the
firmware configuration is not valid. See Resetting Endpoint Properties to Their Defaults to
clear this problem and then re-provision the endpoint.

Recovery Mode Examples

The following example shows a client with a completed firmware upload status. It may have
switched to recovery mode by a user repeatedly tapping its power button. In this case, simply
performing a power reset may recover the endpoint.

Client in Recovery Mode with Completed Firmware Upload

The next example shows a client in recovery mode because a firmware upload was interrupted. In
this case, applying the profile will download the firmware again and may recover the endpoint.

Client in Recovery Mode with Failed Firmware Upload

If rebooting a client or uploading firmware again does not recover the endpoint, you must reset
parameters to factory defaults and re-provision the endpoint.

 Note: Use the client's AWI to reset and configure parameters

You can also use the client’s AWI to reset parameters and reconfigure it. See Accessing an Endpoint’s AWI.

Troubleshooting DNS

This troubleshooting reference provides some steps to perform to ensure that you have the
correct PCoIP Management Console information configured in your DNS server.

 Note: Instructions are for Windows only

These instructions apply to the Windows platform.

The procedure shown next checks that you have a DNS A record that maps the PCoIP
Management Console’s host name to its IP address for forward lookups, and a DNS PTR record
that maps the PCoIP Management Console’s IP address to its host name for reverse lookups. In
addition, it checks that a DNS SRV record for _pcoip-bootstrap exists, and that the DNS TXT record
containing the PCoIP Management Console’s certificate fingerprint exists and is located in the
right place.

Also note that:

• DNS records have a time-to-live value that dictates how long the records are cached. If your
nslookup results show old information, please try clearing the PC’s DNS cache using the
ipconfig /flushdns command before running the nslookup commands in this example
again.
For example,
C:\Users\username> ipconfig /flushdns

Windows IP Configuration
Successfully flushed the DNS Resolver Cache

• Zero client endpoints will cache DNS results for the entire time-to-live period. You can clear
this cache by power cycling the endpoint.

• The following SHA-256 fingerprint shown is the default PCoIP Management Console
certificate fingerprint. If you have created your own certificates, this value will be different.

• The following example uses sample IP addresses and host names for the primary DNS server
and PCoIP Management Console. Please substitute your own server and PCoIP Management
Console 2 information for these names and addresses.

Troubleshooting DNS

• The information returned by the nslookup commands is shown in gray text after each
command.

To verify DNS PCoIP Management Console information:

1. Log in to your Windows server.

2. Launch a command prompt window by clicking the Start button and typing cmd in the Search
box.

3. Launch nslookup from the command line prompt:

C:\Users\username> nslookup
Default Server: mydnsserver.mydomain.local
Address: 172.15.25.10

4. Instruct nslookup to connect to the DNS server under which you created the records. This
address should match the primary DNS server address configured in the endpoint’s network
settings.
> server 172.15.25.10

Default Server: mydnsserver.mydomain.local

Address: 172.15.25.10

5. Enter the FQDN of your PCoIP Management Console to perform a forward lookup to verify
that a DNS A record that maps the PCoIP Management Console host name to its IP address is
present:
> pcoip-mc.mydomain.local

Server: mydnsserver.mydomain.local
Address: 172.15.25.10

Name: pcoip-mc.mydomain.local
Address: 172.25.15.20

6. Enter the PCoIP Management Console’s IP address (found in the previous step) to perform a
reverse lookup to verify that a DNS PTR record that maps the PCoIP Management Console IP
address to its host name is present:
> 172.25.15.20

Server: mydnsserver.mydomain.local
Address: 172.15.25.10

Name: pcoip-mc.mydomain.local
Address: 172.25.15.20

Troubleshooting DNS

7. Set the record type to SRV and check that a DNS SRV record exists to tell endpoints the FQDN
of the PCoIP Management Console. In the second command, the domain name is the domain
under which your endpoints are configured:

> set type=srv

> _pcoip-bootstrap._tcp.myendpointdomain.local

Server: mydnsserver.mydomain.local
Address: 172.15.25.10:

> _pcoip-bootstrap._tcp.myendpointdomain.local SRV service location:

        priority =0
        weight =0
        port =5172
        svr hostname =pcoip-mc.mydomain.local
pcoip-mc.mydomain.local internet address = 172.25.15.20

8. Set the record type to TXT and check that a DNS TXT record exists containing the PCoIP
Management Console SHA-256 fingerprint. In the second command, the domain name is the
domain under which your endpoints are configured.

> set type=txt

> pcoip-mc.myendpointdomain.local

Server: mydnsserver.mydomain.local
Address: 172.15.25.10

pcoip-mc.mydomain.local text = "pcoip-bootstrap-cert=

B7:62:71:01:85:27:46:BB:E3:E9:5C:E2:34:2C:B5:76:7D:7A:F1:7F:6A:4D:5C:DB:AA:2B:
99:BD:D5:A9:28:91"

9. Exit nslookup:
> exit

FAQs

The latest PCoIP Management Console FAQs can be found here.

Contacting Support

If you encounter any problems installing, configuring, or running the PCoIP Management Console,
you can create a support ticket with Teradici.

Before creating a ticket, be prepared with the following:

• A detailed description of the problem

• The version or versions of PCoIP Management Console involved in the problem. See
Managing PCoIP Management Console Logs

• Appropriate logs that capture the issue. Locating the PCoIP Management Console’s Log Files

The Teradici Community Forum

The PCoIP Community Forum enables users to have conversations with other IT professionals to
learn how they resolved issues, find answers to common questions, have peer group discussions
on various topics, and access the Teradici PCoIP Technical Support Service team. Teradici staff
are heavily involved in the forums.

To visit the Teradici community, go to https://communities.teradici.com.

Finding the PCoIP Management Console Release Number

Finding the PCoIP Management Console Release

Number

You can find your PCoIP Manamgement Console release number using the PCoIP Manamgement
Console Dashboard.

To find your PCoIP Manamgement Console release number:

Browse to your PCoIP Management Console and view the release number at the bottom of the left
of the web interface. It will be in the format of #.#.#@####. For example, 19.05@9507

2022 Adobe® Premiere Pro Guide For Filmmakers and YouTubers
From Everand
2022 Adobe® Premiere Pro Guide For Filmmakers and YouTubers
Scott Bradley
5/5 (1)
Installation and Configuration of IBM FileNet Information Management Software: A step-by-step guide to installing and configuring IBM FileNet ECM and Case Manager on RHEL 8.0 (English Edition)
From Everand
Installation and Configuration of IBM FileNet Information Management Software: A step-by-step guide to installing and configuring IBM FileNet ECM and Case Manager on RHEL 8.0 (English Edition)
Alan Bluck
No ratings yet
SRS - How to build a Pen Test and Hacking Platform
From Everand
SRS - How to build a Pen Test and Hacking Platform
alasdair gilchrist
2/5 (1)
C# for Beginners: Learn in 24 Hours
From Everand
C# for Beginners: Learn in 24 Hours
Alex Nordeen
No ratings yet
B4A: Rapid Android App Development using BASIC
From Everand
B4A: Rapid Android App Development using BASIC
Wyken Seagrave
No ratings yet
Soloviev's Androgynous Sophia and The Jewish Kabbalah
100% (1)
Soloviev's Androgynous Sophia and The Jewish Kabbalah
10 pages
Management Console 20.10 Administrators Guide
No ratings yet
Management Console 20.10 Administrators Guide
350 pages
Software Client Linux 21 01
No ratings yet
Software Client Linux 21 01
81 pages
Using PCoIP Zero Clients With PCoIP Host Cards
No ratings yet
Using PCoIP Zero Clients With PCoIP Host Cards
21 pages
The Complete Guide to Installing Parrot OS
From Everand
The Complete Guide to Installing Parrot OS
mehul kothari
No ratings yet
VMware Horizon View Essentials
From Everand
VMware Horizon View Essentials
Peter von Oven
No ratings yet
IBM DB2 Administration Guide: Installation, Upgrade and Configuration of IBM DB2 on RHEL 8, Windows 10 and IBM Cloud (English Edition)
From Everand
IBM DB2 Administration Guide: Installation, Upgrade and Configuration of IBM DB2 on RHEL 8, Windows 10 and IBM Cloud (English Edition)
A S Bluck
No ratings yet
PlatformIO Development Essentials: Definitive Reference for Developers and Engineers
From Everand
PlatformIO Development Essentials: Definitive Reference for Developers and Engineers
Richard Johnson
No ratings yet
Professional Windows Embedded Compact 7
From Everand
Professional Windows Embedded Compact 7
Samuel Phung
No ratings yet
Cloud Infrastructure and Data Center
From Everand
Cloud Infrastructure and Data Center
Duong Tran
No ratings yet
Professional Heroku Programming
From Everand
Professional Heroku Programming
Chris Kemp
4/5 (2)
Accelerated Computing With HIP: Second Edition
From Everand
Accelerated Computing With HIP: Second Edition
Yifan Sun
No ratings yet
Installation, Upgrade, and Configuration of IBM Cognos Analytics: Smooth Onboarding of Data Analytics and Business Intelligence on Red Hat RHEL 8.0, IBM Cloud Private, and Windows Servers
From Everand
Installation, Upgrade, and Configuration of IBM Cognos Analytics: Smooth Onboarding of Data Analytics and Business Intelligence on Red Hat RHEL 8.0, IBM Cloud Private, and Windows Servers
Alan Bluck
No ratings yet
Getting Started with Red Hat Enterprise Virtualization
From Everand
Getting Started with Red Hat Enterprise Virtualization
Pradeep Subramanian
No ratings yet
CISCO PACKET TRACER LABS: Best practice of configuring or troubleshooting Network
From Everand
CISCO PACKET TRACER LABS: Best practice of configuring or troubleshooting Network
Mulayam Singh
No ratings yet
Installation and Configuration of IBM Watson Analytics and StoredIQ: Complete Administration Guide of IBM Watson, IBM Cloud, Red Hat OpenShift, Docker, and IBM StoredIQ (English Edition)
From Everand
Installation and Configuration of IBM Watson Analytics and StoredIQ: Complete Administration Guide of IBM Watson, IBM Cloud, Red Hat OpenShift, Docker, and IBM StoredIQ (English Edition)
Alan Bluck
No ratings yet
Pop!_OS System Administration Guide: Definitive Reference for Developers and Engineers
From Everand
Pop!_OS System Administration Guide: Definitive Reference for Developers and Engineers
Richard Johnson
No ratings yet
Living with Linux in the Industrial World
From Everand
Living with Linux in the Industrial World
Elaiya Iswera Lallan
No ratings yet
Linux Services Deployment
From Everand
Linux Services Deployment
Fabian Mestre
No ratings yet
Building Telephony Systems with OpenSER
From Everand
Building Telephony Systems with OpenSER
Goncalves Flavio E.
No ratings yet
Information Technology HandBook
From Everand
Information Technology HandBook
Duong Tran
3/5 (1)
CompTIA A+ Complete Review Guide: Core 1 Exam 220-1101 and Core 2 Exam 220-1102
From Everand
CompTIA A+ Complete Review Guide: Core 1 Exam 220-1101 and Core 2 Exam 220-1102
Troy McMillan
5/5 (2)
Python Automation for Beginners: A Practical Guide with Examples
From Everand
Python Automation for Beginners: A Practical Guide with Examples
William E. Clark
No ratings yet
Using Yocto Project with BeagleBone Black
From Everand
Using Yocto Project with BeagleBone Black
H M Irfan Sadiq
No ratings yet
Learning Robotics Using Python
From Everand
Learning Robotics Using Python
Lentin Joseph
No ratings yet
VMware Horizon 6 Desktop Virtualization Solutions
From Everand
VMware Horizon 6 Desktop Virtualization Solutions
Ryan Cartwright
No ratings yet
Jetpack Compose 1.5 Essentials: Developing Android Apps with Jetpack Compose 1.5, Android Studio, and Kotlin
From Everand
Jetpack Compose 1.5 Essentials: Developing Android Apps with Jetpack Compose 1.5, Android Studio, and Kotlin
Neil Smyth
No ratings yet
Raspberry Pi :The Ultimate Step by Step Raspberry Pi User Guide (The Updated Version )
From Everand
Raspberry Pi :The Ultimate Step by Step Raspberry Pi User Guide (The Updated Version )
Jason Scotts
4/5 (4)
Free Video Editor Software Untuk Windows, Mac Dan Linux Edisi Bahasa Inggris
From Everand
Free Video Editor Software Untuk Windows, Mac Dan Linux Edisi Bahasa Inggris
Cyber Jannah Studio
No ratings yet
PowerShell: A Comprehensive Guide to Windows PowerShell
From Everand
PowerShell: A Comprehensive Guide to Windows PowerShell
Sam Griffin
3.5/5 (2)
Jetpack Compose 1.6 Essentials: Developing Android Apps with Jetpack Compose 1.6, Android Studio, and Kotlin
From Everand
Jetpack Compose 1.6 Essentials: Developing Android Apps with Jetpack Compose 1.6, Android Studio, and Kotlin
Neil Smyth
5/5 (1)
Mastering OpenShift: Deploy, Manage, and Scale Applications on Kubernetes
From Everand
Mastering OpenShift: Deploy, Manage, and Scale Applications on Kubernetes
Robert Johnson
No ratings yet
Mastering eBPF: From Networking to Security in the Linux Kernel
From Everand
Mastering eBPF: From Networking to Security in the Linux Kernel
Robert Johnson
No ratings yet
Learn Java Programming in 24 Hours
From Everand
Learn Java Programming in 24 Hours
PublishDrive
No ratings yet
The comprehensive guide to build Raspberry Pi 5 Robotics
From Everand
The comprehensive guide to build Raspberry Pi 5 Robotics
Fatin Cazemier
No ratings yet
SteamOS Deployment and Configuration: Definitive Reference for Developers and Engineers
From Everand
SteamOS Deployment and Configuration: Definitive Reference for Developers and Engineers
Richard Johnson
No ratings yet
Jetpack Compose 1.4 Essentials: Developing Android Apps with Jetpack Compose 1.4, Android Studio, and Kotlin
From Everand
Jetpack Compose 1.4 Essentials: Developing Android Apps with Jetpack Compose 1.4, Android Studio, and Kotlin
Smyth
5/5 (1)
Ansible For Windows By Examples
From Everand
Ansible For Windows By Examples
Berton
No ratings yet
Effective Workflow in PyCharm: Definitive Reference for Developers and Engineers
From Everand
Effective Workflow in PyCharm: Definitive Reference for Developers and Engineers
Richard Johnson
No ratings yet
Fortinet FCP - FortiAnalyzer 7.4 Analyst Exam Preparation
From Everand
Fortinet FCP - FortiAnalyzer 7.4 Analyst Exam Preparation
Georgio Daccache
No ratings yet
Red Hat Enterprise Linux 9 Essentials: Learn to Install, Administer and Deploy RHEL 9 Systems
From Everand
Red Hat Enterprise Linux 9 Essentials: Learn to Install, Administer and Deploy RHEL 9 Systems
Neil Smyth
No ratings yet
Implementing VMware Horizon View 5.2
From Everand
Implementing VMware Horizon View 5.2
Jason Ventresco
No ratings yet
The GitOps Handbook: Simplifying Cloud-Native DevOps Workflows
From Everand
The GitOps Handbook: Simplifying Cloud-Native DevOps Workflows
Robert Johnson
No ratings yet
Mainframe Modernization: CI/CD Mastery: Mainframes
From Everand
Mainframe Modernization: CI/CD Mastery: Mainframes
Ricardo Nuqui
No ratings yet
Basic Setup of FortiGate Firewall
From Everand
Basic Setup of FortiGate Firewall
Dr. Hidaia Mahmood Alassoulii
No ratings yet
Software Suite: Revolutionizing Computer Vision with the Ultimate Software Suite
From Everand
Software Suite: Revolutionizing Computer Vision with the Ultimate Software Suite
Fouad Sabry
No ratings yet
Securing Application Deployment with Obfuscation and Code Signing: How to Create 3 Layers of Protection for .NET Release Build
From Everand
Securing Application Deployment with Obfuscation and Code Signing: How to Create 3 Layers of Protection for .NET Release Build
Slava Gomzin
No ratings yet
Visual SourceSafe 2005 Software Configuration Management in Practice
From Everand
Visual SourceSafe 2005 Software Configuration Management in Practice
Aleksandar Seovic
No ratings yet
Podman Essentials: Definitive Reference for Developers and Engineers
From Everand
Podman Essentials: Definitive Reference for Developers and Engineers
Richard Johnson
No ratings yet
Mastering Shell for DevOps: Automate, streamline, and secure DevOps workflows with modern shell scripting
From Everand
Mastering Shell for DevOps: Automate, streamline, and secure DevOps workflows with modern shell scripting
Gilbert Stew
No ratings yet
Mastering Shell for DevOps
From Everand
Mastering Shell for DevOps
Gilbert Stew
No ratings yet
Professional Application Lifecycle Management with Visual Studio 2012
From Everand
Professional Application Lifecycle Management with Visual Studio 2012
Mickey Gousset
No ratings yet
PowerShell: A Beginner's Guide to Windows PowerShell
From Everand
PowerShell: A Beginner's Guide to Windows PowerShell
Roger Wilson
4/5 (1)
5894060
No ratings yet
5894060
30 pages
PCoIP Component Installer Reference
No ratings yet
PCoIP Component Installer Reference
13 pages
990-5784G-EN
No ratings yet
990-5784G-EN
5 pages
Release Notes Xovis Sensor Firmware V4.4.0: PC2R, PC2R-O, PC2S Xovis People Counting Sensors
No ratings yet
Release Notes Xovis Sensor Firmware V4.4.0: PC2R, PC2R-O, PC2S Xovis People Counting Sensors
3 pages
Streamvault 501e Workstation Datasheet
No ratings yet
Streamvault 501e Workstation Datasheet
2 pages
Streamvault Sva 100e
No ratings yet
Streamvault Sva 100e
2 pages
Streamvault Sva 1000e
No ratings yet
Streamvault Sva 1000e
2 pages
question bank for MSD
No ratings yet
question bank for MSD
3 pages
DevOps Master Sheet 2024?
No ratings yet
DevOps Master Sheet 2024?
10 pages
Journey To Emmaus - Thurston
No ratings yet
Journey To Emmaus - Thurston
3 pages
Linux Sound Drivers Framework: Barry Song (宋宝华)
No ratings yet
Linux Sound Drivers Framework: Barry Song (宋宝华)
10 pages
Strategy-Based Comprehension Instruction Lesson Plan
No ratings yet
Strategy-Based Comprehension Instruction Lesson Plan
8 pages
Kontrak Perkuliahan-Poetry-Hasriati
No ratings yet
Kontrak Perkuliahan-Poetry-Hasriati
3 pages
Keywordio Longtail Keywords
No ratings yet
Keywordio Longtail Keywords
10 pages
Rules of Adjective
No ratings yet
Rules of Adjective
7 pages
The Adhyyan School Winter Vacation Assignment (2023-24) Subject: English Class XI
No ratings yet
The Adhyyan School Winter Vacation Assignment (2023-24) Subject: English Class XI
4 pages
Subordinating Conjunctions Exercise
100% (2)
Subordinating Conjunctions Exercise
2 pages
MVW Intl g2 U2 w3 SE
No ratings yet
MVW Intl g2 U2 w3 SE
45 pages
Baptist Deacons Training Manual For Web With Watermark
No ratings yet
Baptist Deacons Training Manual For Web With Watermark
38 pages
Narrative Essay
No ratings yet
Narrative Essay
3 pages
Flowcharting Basics
No ratings yet
Flowcharting Basics
26 pages
Pywinauto
No ratings yet
Pywinauto
159 pages
Mosaic TRD1 Tests U4 2
100% (1)
Mosaic TRD1 Tests U4 2
3 pages
Dictation in Classroom Tool To Improve Proficiency
No ratings yet
Dictation in Classroom Tool To Improve Proficiency
10 pages
User Interface Standard
No ratings yet
User Interface Standard
12 pages
Paper 5, MCQ On Victorian Period
100% (2)
Paper 5, MCQ On Victorian Period
7 pages
Lesson Plans Differentiation
No ratings yet
Lesson Plans Differentiation
9 pages
Labview Datafinder Toolkit: My Datafinder and Datafinder Server
No ratings yet
Labview Datafinder Toolkit: My Datafinder and Datafinder Server
10 pages
Sat 2 - 8
No ratings yet
Sat 2 - 8
4 pages
School Forms Checking Reports SFCR 1
No ratings yet
School Forms Checking Reports SFCR 1
3 pages
Representing Web Data: XML: Web Technologies A Computer Science Perspective
No ratings yet
Representing Web Data: XML: Web Technologies A Computer Science Perspective
32 pages
CD Hphones PDF
No ratings yet
CD Hphones PDF
1 page
Love of Homeland-Grigore Vieru
No ratings yet
Love of Homeland-Grigore Vieru
2 pages
Tenses Table 2022 New
No ratings yet
Tenses Table 2022 New
5 pages
oss
No ratings yet
oss
18 pages
Psychology at A Glance
No ratings yet
Psychology at A Glance
12 pages

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.