Install a View4.6 Security server or connection server instance on a 64bit windows 2008 R2 machine. It could be physical or Virtual machine.
No, PCoIP secure gateway feature is disabled by default in view 4.6. This feature should be enabled from Admin UI before you can start using it.
PCoIP Secure Gateway feature is Enabled/Disabled using Admin UI for both connection Server and associated security server. This is controlled by the check box “Use PCoIP secure Gateway for PCoIP connections to desktop” under ’PCoIP Secure gateway’ in General Tab when a View Connection Server entry is edited.
Do a ‘netstat –nob’ from client, you’ll see network connections made from vmware-remotemks.exe to connection server/security server. If you run the same command inside launched session you can see ‘pcoip_server_win32.exe ‘ has connections made to the same connection/security server. There won’t be any connections made between View Client and View Agent machines. If PCoIP Secure Gateway is not used then these connections will be between View Client and View Agent.
Yes, you can enable PCoIP Secure Gateway but PCoIP Secure Gateway will be only available in associated Security server installed on 2008 R2.
No, you’ll have PCoIP Secure Gateway functionality only on your connection server and security server which are installed on 2008 R2 machine.
You can make sure this by checking the PCoIP Secure Gateway service in windows services list.
PCoIP Secure Gateway service will be listed under windows services. As with any Windows Services, PCoIP Secure Gateway service can also be restarted.
No, PCoIP Secure Gateway is not mandatory. PCoIP Secure Gateway is required in specific scenarios where PCoIP connection needs to be passed through a gateway or a NAT mechanism.
This means the machine on which you are performing installation is not 2008 R2 and PCoIP Secure Gateway feature will not be present on that particular instance.
This warning indicates that the Connection Server you are editing or at least one of the security server associated with this connection server doesn’t have PCoIP Secure Gateway feature installed. You can ignore this warning if you have one of these instances installed with PCoIP Secure Gateway and all PCoIP connections requiring PCoIP Secure Gateway are going to be made through it.
View client or View agent doesn’t require an upgrade to use with PCoIP Secure Gateway. Any client/Agent which supports PCoIP will work with PCoIP Secure Gateway.
View client or View agent doesn’t require an upgrade to use with PCoIP Secure Gateway. Any client/Agent which supports PCoIP will work with PCoIP Secure Gateway.
PCoIP External URL is the IP:Port value provided to view clients by connection server during desktop launch. You cannot give FQDN for this URL, this should be always an IP address reachable from client machines.
PCoIP Secure Gateway doesn’t create any additional secure tunnel. What it does is to proxy PCOIP connections between agent and client. It is similar to an Application firewall.
No, A normal web proxy cannot ‘proxy’ PCoIP sessions. PCoIP Secure Gateway can only be used for PCoIP protocol.
Make sure the new port value is updated in External URL and required firewall exceptions are added.
View Client is unaware of PCoIP Secure Gateway and doesn’t require any change to use PCoIP Secure Gateway.
This field is enabled only if PCoIP Secure Gateway is installed on connection server machine. Make sure you are using a PCoIP Secure Gateway supported OS (Win-2008 R2).
This field is enabled only if PCoIP Secure Gateway is installed on security server machine. Make sure you are using a PCoIP Secure Gateway supported OS (Win-2008 R2).
Yes, PCoIP External URL can be modified from Admin UI to make required changes.
Not always. With a Zero Client, only a PCoIP Secure Gateway is needed. With a View Client, this option controls whether USB and MMR connections are tunnelled. It should be enabled if either of these protocols are needed when using a View Client remotely
PCoIP Gateway Sessions and PCoIP Gateway Sessions High are two counters added to Windows Performance Monitor (perfmon.exe). This can be used to find the number of ongoing sessions and max number of sessions ever present.
No. RDP connections are not handled by PCoIP Secure Gateway. But you can have same connection/security server handle both RDP and PCoIP traffic together.
Users can either use IP or FQDN to connect to connection/security server with PSG configured.
Client to Security/Connection Server
HTTP(S) TCP 80 /443 from View Client to View Security Server.
TCP 4172 from View Client to View Security Server.
UDP 4172 in both directions
Security/Connection Server to Agents
TCP 4172 from View Security Server to View Agents.
UDP 4172 in both directions
Couple of Connection/Security servers can be PSG enabled while others can be PSG disabled. Provide users with appropriate URLs
Default log location is “C:\ProgramData\VMware\VDM\logs\PCoIP Secure Gateway”
PCoIP Secure Gateway log levels can be changed using the same “Set View Connection Server Log Levels” tool used to set view log levels.
This can be done by modifying “HKEY_LOCAL_MACHINE\SOFTWARE\Teradici\SecurityGateway\LogPath” value to new path.
Yes
Yes, there are no configuration changes required in other features to work with PCoIP Secure Gateway.
No, PCoIP Secure Gateway is controlled at broker level. There are no configurations required at pool level.
Yes. In that case, users should connect to another instance of connection server where PCoIP Secure Gateway is not enabled.
This message indicates that PCoIP Secure Gateway feature is enabled but the related PSG (PCoIP Secure Gateway) service is not ready. Check windows services on your security/connection server depending on configuration to make sure ‘PCoIP Secure Gateway’ service is running and is in started state.
Yes. You can have as many PCoIP Secure Gateway as you require.
No. You can avoid the requirement of a VPN connection using PCoIP Secure Gateway which acts as a NAT device.
When connecting remotely, desktops are checked out through the tunnel. Whether or not you have enabled 'Use Secure Tunnel Connection to Desktops’, you must enable 'Use Secure Tunnel Connection for Local Mode Operations' for this to work.
PCoIP protocol is not supported on terminal servers.
The certificates are located in C:\ProgramData\VMware\VDM\certificates folder.
This document is still fuzzy to me. I am reading you NEED to connect to the Security Server to use PCoIP using an IP ONLY. Then I read you can use either an FQDN or IP. Which is it? I am not seeing anything definitive on that question. How does load balancing add to this equation?
Thank you.
M
Hi vmwaredownload ,
User can connect to connection server / security server with both fqdn and ip address. This is the initial session where user authenticating is done.
While launching desktop with pcoip protocol, another connection is initiated between view client and CS/SS using PCoIP protocol. This connection uses the values provided in 'PCoIP external URL'. Since PCoIP doesn't support communication using fqdn, the 'pcoip external url' always should be IP:port and not fqdn:port.
Refer the document and video by Mark Benson for information on how to configure load balancing. http://communities.vmware.com/docs/DOC-14974
Hope i'm clear this time.
-noble
Hi
I am using View-Agent-Direct Connection - i am needing PCoIP service to be running but i cant seem to locate the serive in the Windows Service list??