Peering Zero Clients to Remote Workstation Cards¶
PCoIP Zero Clients can be peered (paired) to Remote Workstation Cards using custom certificates to establish a secure PCoIP peer-to-peer connection. This optional but recommended configuration allows for a more secure connection than the default connection. The custom peer-to-peer certificate and the root certificate must be present in both the Zero Client and Remote Workstation card certificate store. The custom certificate must then be applied to the Peer-to-Peer Certificate field, which is displayed when the Direct to Host Session Connection Type is selected. Only certificates that match the selected TLS Security Mode option are displayed.
Changing Session Connection Type
If you need to change your Session Connection Type from connecting to Remote Workstation Cards, be sure to change the TLS Security Mode to Maximum Compatibility: TLS 1.2 or higher with 112-bit or higher elliptic curve encryption.
Support for Peer-to-Peer connections
*The peer-to-peer connection using certificates supports connections between PCoIP Zero Clients and Remote Workstation Cards only. This configuration is done via the AWI.
- Peer-to-peer certificates can also be requested via SCEP. If using SCEP, the certificate will automatically be selected in the Advanced Session Configuration page. See Obtaining Certificates Automatically Using SCEP.
Important: OCSP (Online Certificate Status Protocol)
OCSP (Online Certificate Status Protocol) is currently not supported for custom peer-to-peer certificates
To configure a secure peer-to-peer connection to a PCoIP Remote Workstation Card:¶
Prior to following these steps you will need your certificates, which can be generated manually or automatically using the Simple Certificate Enrollment Protocol (SCEP).
Upload both your custom peer-to-peer certificate and your root certificate to your PCoIP Zero Client certificate store. See Uploading Certificates.
Remote Workstation Certificate
Ensure the desired trusted certificate is uploaded to the Remote Workstation Card certificate store.
Select Direct to Host for the Session Connection Type on the Session page.
Enter the DNS Name or IP Address of the Remote Workstation Card that you are going to have a peer-to-peer connection with.
Select Show Advanced Options.
Select the TLS Security Mode that matches your certificate.
Select the correct Peer-to-Peer Certificate. (If it is not displayed, you have not yet uploaded it to the certificate store)
If a custom peer to peer certificate is applied and a connection is made, and the custom certificate is removed from the certificate store on either endpoint, a subsequent connection will not establish.
A connection reset is required before changes take affect.