PC over IP

Light Meals

Security Aspects

As already mentioned, the advantage of using remote workstations is not just that they can be operated independent of location – they also make a significant contribution to greater privacy and security. Apart from the obvious protection against physical manipulation and the fact that only encrypted information is shared between the zero client workstation and the host card, the zero clients also offer several ways of restricting access to the workstation. Of course, you also can password-protect the menus and configuration of the zero client itself, as well as restrict whether and which USB devices can be used on the zero client and thus on the workstation.

Configuring the Host Card and Zero Client

Both the host cards and the zero clients have a built-in web server that provides a configuration interface (Figure 3). To access the configuration interface, you must know the IP address of each device: The IP address of the workstation host card is displayed during the discovery process on the zero client's screen, and the IP address of the zero client is found with Options | Configuration | Network on the login screen. Alternatively, you can run a network scanner to determine the IP addresses of the PCoIP devices on the network. With Nmap, you can do this quickly and easily with the ping scan method (-sP; Listing 1).

Figure 3: The PCoIP host card (left) and zero client (right) are managed via an easy-to-use, web-based interface that lets you adjust extensive settings.

Listing 1

IP Address Discovery with Nmap

$ nmap -sP | grep pcoip
Nmap scan report for pcoip-portal-008064862335(
Nmap scan report for pcoip-host-0030040d26fc(

In this case, a host card (pcoip-host) and a zero client (pcoip-portal) were detected. To access the settings of the systems, you enter the IP address in your web browser. You then have access to all configuration parameters and can, for example, change network settings, adjust bandwidth usage, or set a password to protect the configuration interface and configuration. Furthermore, you can read extensive diagnostic information, transfer new firmware to the device, or apply restrictions (e.g., on usable USB devices).

In the download section of its website, Teradici provides a knowledge base with firmware updates and optional software. For access to the knowledge base, free registration is required, for which you must enter some personal data.

Fundamentally, although you do not need to install additional software on a computer with an integrated Teradici host card, the optional and free host software provides some convenient functions (Figure 4).

Figure 4: The optional host software adds a number of convenience functions on the remote workstation, such as changing the Wake-on-LAN settings for the network card and locking the host after the zero client logs out.

For example, the host software gives you access to the Wake-on-LAN parameters of the built-in host network card. Furthermore, remote sessions can then be simply stopped with a click of the mouse, although this function is normally reserved for the power button on the zero client. Because the host software communicates directly with the host card, the software also provides convenient access to detailed host statistics.

Automatically Locked

Automatic locking of the host PC after terminating a remote workstation session is another software function, and if you want to deploy PCoIP sessions with the help of a third-party connection broker, such as VMware Horizon View, the host software is mandatory. For more information about the features supported by Teradici Connection Broker, see the box titled "Third-Party Connection Broker."

Third-Party Connection Broker

Clients in larger VDI environments no longer connect directly with virtual machines or remote workstations. Instead, a connection broker handles this job. It takes over the management of the VMs, allocates remote user access to the appropriate resources, and takes care of the load distribution. The Teradici host cards currently support connection brokers by VMware, Ericom [10], and LeoStream [11].

In the medium term, broker support will be extended to other products, and Teradici will "possibly" even release its own mini-broker. So far, this is not official, so one can only speculate.

If VMware Horizon View is used as a connection broker, you can use the VMware View software client on the client side. In conjunction with the VMware View Security Server, this even works over the Internet.

Buy ADMIN Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • PC over IP

    Anyone who has tried to to run graphics-intensive applications using an application-sharing protocol like RDP knows how miserably these technologies fail. But the PCoIP protocol and special hardware means that even heavy-duty workstations can operate remotely.

comments powered by Disqus