

Installing the Cloud Access Connector¶

Once the files are downloaded and the access token is set, you can install the Cloud Access Connector. If you are not already connected, connect to the machine via SSH and navigate to the /usr/sbin directory. Previously the directory used was ~/v2connector. All new and recent installs and updates should use /usr/sbin but older installs and updates may still be using the legacy directory.

Latest Installer Version

Ensure that you are using the latest installer prior to installing or upgrading the Cloud Access Connector. If you are not using the latest installer, you may see one of the following errors:

The installer is out of date. Please obtain the latest version and try again. See https://teradici.com/downloadcac for instructions.
The installer is out of date. Please download the latest version from https://teradici.bintray.com/cloud-access-connector/cloud-access-connector-0.1.1.tar.gz and try again.

Install the Cloud Access Connector by running the following command:

cd /usr/sbin
sudo ./cloud-access-connector install

Ensure that you use the options best suited to your system architecture and requirements. If required values are not provided on the command line, you will be prompted for them.

You need to obtain a Cloud Access Connector token prior to installation. For information on how to obtain this token, see Obtaining a Cloud Access Connector Token. Once you have the token you can run the following command and enter it:

sudo ./cloud-access-connector install -t "token obtained in previous section" [options]

When installed with no options, the Cloud Access Connector will not use MFA, and will use your SSL key and certificate.

The available options are:

Flag	Description
`--token` (`-t`)	Required. The token generated for Cloud Access Manager.
`‑‑enable‑mfa`	Installs with multi-factor authentication enabled.
`‑‑self-signed`	Installs the Cloud Access Connector with self-signed certificates. This mode is not secure and is intended for testing. The `--insecure` flag is still supported.
`--force-install`	Replaces any existing Cloud Access Connector installation.
`--debug`	This flag can be run if you initial install of the Cloud Access Connector fails. It provides a detailed output of the Cloud Access Connector installation. This is useful for self-troubleshooting or to provide to the Teradici support team when logging a support ticket.

The following flags can be used to provide values at the command line. If they are omitted from the command and are required, you will be prompted for them:

Flag	Type	Description
`‑‑reg‑code`	String	Cloud Access Software registration code, provided by Teradici. Cloud License registration code, provided by Teradici.
`‑‑domain`	String	The AD domain that remote workstations will join.
`--domain-group`	String	The Distinguished Name of the user group you want to use to log into the legacy Cloud Access Manager management interface. This option can be used when you `install` a Cloud Access Connector or `update` an existing Cloud Access Connector. The default is Domain Admins (eg, `CN=CAM Admins,CN=Users,DC=example,DC=com`).
`‑‑users-dn`	StringArray	The base DN to search for users within AD. Specify multiple DNs with multiple options. Newly provided base DN(s) will automatically replace previous base DN(s). This field is looking for user's within the user-defined DN and SGs.
`--computers-dn`	StringArray	The base DN to search for computers within AD. Specify multiple DNs with multiple options. Newly provided base DN(s) will automatically replace previous base DN(s).
`--sync-interval`	uint8	The interval (in minutes) for how often to sync AD users and computers with the CAM Service.
`‑‑sa‑user`	String	The Active Directory service account username.
`‑‑sa‑password`	String	The Active Directory service account password.
`‑‑radius‑server`	String	The FQDN or IP address of the RADIUS server to use for MFA. This flag is optional.
`‑‑radius‑port`	String	The RADIUS server port. If not specified, the default port (1812) is used. If `--radius-server` is specifed then this flag is optional.
`‑‑radius‑secret`	String	The shared secret used for configuring RADIUS authentication. If `--radius-server` is specifed then this flag is required.
`‑‑ssl‑key`	String	The full path and filename of the SSL key to use. The `--self-signed` flag overrides this flag.
`‑‑ssl‑cert`	String	The full path and filename of the SSL certificate (in PEM format) to use. The `--self-signed` flag overrides this flag.
`--https-proxy`	String	Specify the URL for a HTTPS proxy (overrides related proxy settings in environment variables)
`‑‑accept‑policies`	—	Automatically accept the EULA and Privacy Policy.
`--retrieve-agent-state`	Boolean	Enables the broker to retrieve the agent state for unmanaged and managed remote workstations. The default value for this flag is false. The available states are In Session, Ready, Starting, Stopping, Stopped and Unknown. The value of this flag can either be true or false.
`--show-agent-state`	Boolean	Controls if the agent state is displayed as part of the remote workstation name in the PCoIP Client. The default value for this flag is true. Setting the value of this flag to true and the `--retrieve-agent-state` flag to false will result in no agent state displaying.
`--domain-controller`	String	Specifies one or more domain controllers to use with the Cloud Access Connector. For more information, see Specifing Domain Controllers.
`--external-pcoip-ip`	String	Sets the IPv4 address for the Cloud Access Connector for external connections. If this value is not set, the external IPv4 address will be determined automatically. For more information on external network access, see Enabling External Network Access.
`--connector-network-cidr`	String	This is the CIDR to use for the Cloud Access Connector's docker network. The default docker network subnet is 10.101.0.0/16.
`--local-license-server-url`	String	Sets the URL for PCoIP License Server to be used for PCoIP Sessions. If this is not provided, ensure that the Cloud License Server is registered on the PCoIP Agent. Example: --local-license-server-url http://10.10.10.10:7070/request. For more information on the PCoIP License Server, see here.
`--add-pool-group`	String	Specifies one or more Active Directory groups, by entering the distinguished name (DN), to be assigned to pools for remote workstation management (eg, --pool-group 'CN=GroupPool1,CN=Users,DC=sample,DC=com' --pool-group 'CN=GroupPool2,CN=Users,DC=sample,DC=com'). By providing all the existing pools groups in the Cloud Access Connector settings would get replaced by the user specified ones. When running this command you need to run it with adconfig. Example: sudo ./cloud-access-connector adconfig --add-pool-group.
`--users-filter`	String	The filter to search for users within Active Directory. Specify multiple filters with multiple options. Default user filter: (&(objectCategory=person)(objectClass=user)).
`--computers-filter`	String	The filter to search for computers within Active Directory. Specify multiple filters with multiple options. Default computer filter: (&(primaryGroupID=515)(objectCategory=computer)).
`--internal-client-cidr`	String	The CIDR for PCoIP Clients that connect to remote workstations directly.
`--external-client-cidr`	String	The CIDR for PCoIP Clients that connect to remote workstations through the Security Gateway. If external CIDRs settings are set, internal settings must be explicitly set.
`--setup-docker-image`	String	Specifies the docker image to be used from the setup container. This is intended to be used for debugging purposes and is not recommended to be used without guidance from Teradici support. Usage without guidance could result in failed installations.
`--docker-registry`	String	This is an optional flag that enables users to specify the docker image registry that they want to use when installing or updating a Cloud Access Connector. If an option is not specified, the default registry docker.cloudsmith.io/teradici/cloud-access-connector will be used. This is intended to be used for debugging purposes and is not recommended to be used without guidance from Teradici support. Usage without guidance from Teradici could result in failed installations.

Troubleshooting the Cloud Access Connector

If you encounter issues when attempting to install the Cloud Access Connector, please see the Troubleshooting section for information on how to potentially diagnose the specific issue. You can also view the following KB article here which provides a list of troubleshooting steps for common issues related to installing the Cloud Access Connector.

Certificate Information¶

For an example of how to create a self-signed certificate, see Creating a self-signed certificate on a Windows 2016 Active Directory Server. For an example of a method to install a certificate on your Active Directory, see Installing a certificate on your Active Directory server to enable LDAPS.

Installing the Cloud Access Connector for Testing¶

To install the Cloud Access Connector with MFA enabled and in insecure mode for testing, you would run this command (note that we are providing the --enable-mfa flag but not the RADIUS server information, so prompts will appear to collect it):

sudo ./cloud-access-connector install -t $token --enable-mfa --self-signed

When the installer completes, the IP address of the Cloud Access Connector will be displayed and you will be directed to go to https://cam.teradici.com to begin managing your deployments, connectors and remote workstations.

Cloud Access Connector - Troubleshooting

If there is an issue installing the Cloud Access Connector or an existing Connector is failing, please see the troubleshooting section on Cloud Access Connector Connectivity. Within this section there are steps to check the following:

Remote Workstation connections
Active Directory connections
Cloud Access Connector component information