Highly efficient delivery of desktops over IP networks – especially WAN links:

PCoIP technology enables key features to optimize the delivery of a user’s desktop over standard local area and wide area networks (LAN and WAN). One of these features includes a progressive image refinement that allows a compressed image of the user’s desktop to be delivered quickly over the network and then a progressive refinement to an exact image of the user’s hosted desktop. This allows for a highly efficient desktop delivery over IP networks – especially WAN networks (long latency and possibly low bandwidth networks). In an interactive user session, the user may have moved to a follow-on action that eliminates the need to send the rest of the display pixels resulting in an efficient desktop delivery – and a significant benefit compared to solutions.

WAN PCoIP User Scenario:
The user’s desktop is delivered over a low bandwidth link across North America (~90-100ms round trip network latency). The user clicks on a web page (or a document, PowerPoint, 3D model, etc) and a highly-compressed, initial image is delivered quickly where the image is slightly grainy but the text is still clear and readable.

Initial highly compressed image – but clear text

Click to Enlarge

PCoIP intelligently compresses the user display to ensure that in a constrained scenario (long latency, low bandwidth) the display text is still as crisp as if the desktop were local. However, images and video are highly compressed to minimize the network bandwidth load and to deliver the initial display image extremely quickly to ensure a responsive user desktop.

Perceptually Lossless – still compressed, but users cannot tell

Click to Enlarge

The image is progressively refined and will reach a point we call “perceptually lossless” or the desktop appears to be an exact image of the source desktop at the host. However, in reality, there is still compression present and if there is still time (before the display is changed, window is moved, or hyperlink is clicked, the system will continue to build to a fully lossless image – or an exact image as the source display at the host.

The time it takes to refine the image depends on the available network bandwidth, but in most cases it is not possible for the user to see the refinement in progress. It just looks the same as if the PC was at the user’s desk.

Fully refined image – exact image as the source display in the host PC

Click to Enlarge

Key benefits of progressive refinement in a WAN desktop delivery

• Text delivered as exact image
  Text is sent as a lossless image so that users can always read text even if surrounding images are compressed
• Desktop clarity at any distance
  Progressive refinement enables full image clarity and A fully crisp desktop display regardless of the distance
• Highly responsive desktop
  Get an initial image quickly then build to a fully crisp desktop
• Network bandwidth efficiency
  Do not send additional pixels if the users has changed something on the screen

Progressive refinement to an exact or lossless image is a critical feature for detailed image analysis whether it is for medical diagnostics, design engineering analysis or other applications that simply cannot have compression artifacts in the displayed image.

PCoIP technology delivers unique USB security capability that is not possible on desktop, notebook or thin client form factors. This includes providing mobile users secure access to data via hardware encrypted flash drives – but only the devices approved by enterprise IT will work on the PCoIP desktop portal appliances. All other flash peripherals (or selected peripherals) would be locked out. This authorization is done in hardware so it is ultra secure.

“[PCoIP Technology] has a bunch of security features that are unachievable with desktop computers” – Tom Bradicich, VP IBM Systems and Technology

See video blog: “Extreme USB Security for Enterprise and Government”

Click To Enlarge

Desktop portal appliances based on Teradici’s PCoIP Processors are fully stateless appliances with no local application operating system and no drivers at the desktop.

Teradici PCoIP Technology Unique USB Security Features:

1. Support for all USB peripherals
   • Includes biometrics, card readers, etc.
   • Also includes webcams, scanners, tablets, DVD players with no special drivers.
2. No drivers required on the desktop appliance
   • PCoIP Technology uses the drivers that are native to the host PC/server. So if the peripheral would work when plugged into the host PC, it will work bridged across an IP network to a PCoIP desktop portal.
   • Eliminates the threat of virus propagation from the desktop appliance (where thin client’s embedded OS can get infected with a virus and propagate to hosted client machines)
3. Intelligent Authorization of USB peripherals.
   • Peripheral authorization can be done on device class, product ID, and Vendor ID. The authorization can be done on a per user/group basis and only accept specific devices.
4. Complete USB lockdown – no host enumeration of USB if peripheral is not authorized.
   • PCoIP technology transparently bridges USB traffic from the host PC/server in the datacenter to the desktop portal appliance. You could view this as an exceptionally long USB cable. Peripheral authorization is done at the desktop appliance when a peripheral is plugged in. If the device is authorized, the plug event is bridged back to the host PC and the device can be used as it normally would if the user was directly connecting the peripheral to the host PC.
   • If the device is not authorized, a message is displayed on the user’s screen to let them know the device is not authorized and the plug event is blocked in hardware at the desktop portal. For extreme security, the host PC physically cannot enumerate the USB peripheral and does not know that an attempt was made to connect a peripheral. This is unique to Teradici’s PCoIP technology.
5. Management logs and alerts of attempted connection of un-authorized devices
   • PCoIP Technology allows management systems (see connection broker partner list) to track peripheral connections and attempted connections. Also, PCoIP enables these management systems to deliver alerts to identify users that are trying to connect unauthorized peripherals.

Example Scenario:

IT Problem:
Need to lock down sensitive corporate data, but need to provide certain users such as managers, directors and VP’s the ability to take data out of the office (at home, on the road etc).

Teradici PCoIP Solution:
Provide these users with a hardware encrypted flash drive so that if the flash is lost the data is still secure. Use PCoIP to deliver the users desktop to a secure desktop portal (see partner products). Disable all flash drives, but enable flash drives that match the product ID and vendor ID of the hardware encrypted flash drive.

When a user plugs in the approved flash drive into their desktop portal it is authorized and the plug event is bridged back to the host PC/Server. The user can then use the flash drive as normal. If an insecure flash drive, MP3 player or iPod is connected, the peripheral is not authorized and a message is displayed on the user’s desktop to notify them that the device is not authorized and the host PC/server does not ever know that the peripheral exists (no host plug event to enumerate).

For extreme security, the authorization could match the user and the serial number of the flash drive that was assigned to them.