Skip to content

Configuring the Anyware Agent

You can configure the Anyware agent, and optimize PCoIP protocol behavior for local network conditions, by adjusting configuration directives found in /etc/pcoip-agent/pcoip-agent.conf.

You can find detailed information and descriptions about each setting in the next section. You can also consult the man pages for pcoip-agent.conf:

man pcoip-agent.conf

Applying Configuration Changes

To set or change a configuration value, add or modify directives in pcoip-agent.conf. Place one directive on each line, in this format:

directive.name = <value>

For example, to set the maximum frame rate to 60 frames per second, set the maximum bandwidth to 900000 kilobits/second, and the device bandwidth floor to 5000 kilobits/second, you would set values in pcoip-agent.conf like this:

pcoip.maximum_frame_rate = 60
pcoip.max_link_rate = 900000
pcoip.device_bandwidth_floor = 5000

Note: Support for IPv6 Addresses

The Graphics Agent for Linux supports IPv6 addresses. No configuration is needed to switch between IPv4 and IPv6 modes.

H.264 Hardware Decode Requirements

For H.264 Hardware Decode, the Graphics Agent must have an NVIDIA Graphics Card that supports PCoIP Ultra GPU Offload, and PCoIP Ultra setting is either set to GPU Offload or Auto Offload.

Note: Default Values

In deployments with no existing PCoIP Ultra configuration, PCoIP Ultra defaults to "Auto Offload" and YUV Chroma subsampling defaults to 4:2:0.

The following NVIDIA graphics cards are supported:

  • NVIDIA Quadro P400
  • NVIDIA GeForce RTX 3060

Any Nvidia GPU with NVENC support are expected to work, but have not been tested.

Note: Configurable Values

A complete list of configurable values is shown next in Configurable Settings.

Configurable Settings

The following settings can be configured on the Graphics Agent for Linux. Refer to Configuring the Anyware agent to understand how to modify these settings.

Authentication broker URL

Directive Options Default
pcoip.authentication_broker_url string (up to 511 characters)

This setting takes effect when you start the next session. This policy sets the authentication broker URL for federated user authentication. Enter the authentication broker URL in 'https://address:port/auth' format. This setting overwrites the Authentication broker URL from Connection Manager.

Build-to-lossless

Directive Options Default
pcoip.enable_build_to_lossless 0 (off), 1 (on) Off

This setting takes effect immediately. Specifies whether to turn the build-to-lossless feature of the PCoIP protocol off or on; this feature is turned off by default.

When build-to-lossless is turned off images and other desktop content may never build to a lossless state. In network environments with constrained bandwidth, turning off build-to-lossless can provide bandwidth savings. Build-to-lossless is recommended for environments that require images and desktop content to be built to a lossless state.

Clipboard redirection

Directive Options Default
pcoip.server_clipboard_state 0—Disabled in both directions
1—Enabled in both directions
2—Enabled client to agent only
3—Enabled agent to client only

This setting takes effect when you start the next session. Determines the direction in which clipboard redirection is allowed. You can select one of these values:

  • Disabled in both directions
  • Enabled in both directions (default setting)
  • Enabled client to agent only (That is, allow copy and paste only from the client system to the host desktop.)
  • Enabled agent to client only (That is, allow copy and paste only from the host desktop to the client system.)

Clipboard redirection is implemented as a virtual channel. If virtual channels are disabled, clipboard redirection does not function.

Collaboration

Directive Options Range Increment Default
pcoip.enable_collaboration 0 (off), 1 (on) Off
pcoip.max_collaborators 1 – 5 1 5
pcoip.collaboration_udpport 1 – 65535 1 64172

This setting takes effect when the agent is restarted. This policy enables or disables user collaboration. When not configured, user collaboration is disabled by default.

The default maximum number of collaborators allowed is 5.

The default UDP starting port used for collaborator sessions is 64172. When a different starting port is used, ensure that firewall rules are adjusted so that PCoIP traffic can go through the new port.

If there is more than one collaborator, additional UDP ports will be needed for the collaborator sessions. For example, when the second collaborator connects, the next free UDP port will be opened on the host.

Collaboration input control

Directive Options Range Increment Default
pcoip.enable_collaboration_input_control 0 (off), 1 (on) Off
pcoip.collaboration_input_control_timeout 100 – 10000 100 3000

This setting takes effect when you start the next PCoIP session. This policy enables or disables input control from the collaborators. When not configured, collaboration input control is disabled by default.

The input control timeout specifies the waiting period before any user with input control permission can acquire the input control of the host. The current input owner is the only one authorized to send mouse, keyboard and touch inputs to the host.

Connection addresses

Directive Options Default
pcoip.connection_address string (up to 511 characters)
pcoip.client_connection_address string (up to 511 characters)

This setting takes effect when you start the next session. Configuring this allows you to control the IPv4 or IPv6 address used by the agent or client in PCoIP sessions.

'Connection Address' controls the IP address used by the agent for the PCoIP session.

'Client Connection Address' controls the IP address the client is told to use when establishing the PCoIP session.

Please note that neither of these values should need to be set under normal circumstances.

Desktop environment

Directive Options Default
pcoip.desktop_session string (up to 511 characters)

This setting takes effect when you start the next session. Choose the desktop environment that will be launched from /usr/share/xsessions/*.desktop, defaults to "kde-plasma" if present, else the first session found alphabetically in /usr/share/xsessions.

Note that this setting only takes effect after an existing desktop session ends (either due to a reboot or logging out).

Enable Disclaimer Authentication

Directive Options Default
pcoip.enable_disclaimer_auth 0 (off), 1 (on) Off

This setting takes effect when you start the next session. When this setting is enabled, users connecting via direct connect will be presented a disclaimer prior to user authentication. If the disclaimer is rejected, the user will not be able to connect.

Disclaimer files must be placed in /etc/pcoip-agent/disclaimers/ and must be readable by the "pcoip" system user. Files must be named according to the locale, e.g. en_US.txt for en_US, ko_KR.txt for ko_KR, etc. If a file matching the negotiated locale is not present, en_US will be used as a fallback. If disclaimer text cannot be found, an blank disclaimer will be presented.

Enable/disable USB in the PCoIP session

Directive Options Default
pcoip.enable_usb 0 (off), 1 (on) On

This setting takes effect when you start the next session. Determines whether USB support is enabled in PCoIP sessions. When this setting is not configured, USB is enabled by default. By default all devices are supported unless restrictions are configured through the USB device rules setting.

Enable/disable audio in the PCoIP session

Directive Options Default
pcoip.enable_audio 0 (off), 1 (on) On

This setting takes effect when you start the next session. Determines whether audio is enabled in PCoIP sessions. Both endpoints must have audio enabled. When this setting is enabled, PCoIP audio is allowed. When it is disabled, PCoIP audio is disabled. When this setting is not configured, audio is enabled by default.

Enable/disable relative mouse support

Directive Options Default
pcoip.enable_relative_mouse 0 (off), 1 (on) On

This setting takes effect when you start the next session. It determines whether relative mouse co-ordinates may be used, when appropriate, during the PCoIP session. By default, this setting is enabled.

Hide local cursor

Directive Options Default
pcoip.disable_locally_rendered_cursor 0 (off), 1 (on) Off

This setting takes effect immediately. When this setting is enabled the local cursor on the client will be hidden. This may resolve duplicate cursor issues if there is a host rendered cursor within the host environment but may also result in no visible cursor. With this setting enabled there may be delays in mouse movements due to network latency and video processing times. By default, this setting is disabled, meaning that local cursors will be used, providing the most responsive user experience.

Host key auto repeats

Directive Options Default
pcoip.use_host_autorepeat 0—disabled (default)
1—use host generated auto repeats and client repeat rate (zero client only)
2—use host generated auto repeats and host repeat rate

This setting takes effect when you start the next session. Configuring this allows you to enable or disable host generated key auto repeats. When not configured or disabled, key auto repeats are driven by the client.

License server URL

Directive Options Default
pcoip.license_server_path string (up to 511 characters)

This setting takes effect when you start the next session. This policy sets the license server path. Enter the license server path in 'https://address:port/request' or 'http://address:port/request' format.

Maximum PCoIP session bandwidth

Directive Range Increment Default
pcoip.max_link_rate 104 – 900000 100 900000

This setting takes effect when you start the next session. Specifies the maximum bandwidth, in kilobits per second, in a PCoIP session. The bandwidth includes all imaging, audio, virtual channel, USB, and control PCoIP traffic.

Set this value based on the overall capacity of the link to which your endpoint is connected, taking into consideration the number of expected concurrent PCoIP sessions. For example, with a single user VDI configuration (e.g. a single PCoIP session) that connects through a 4Mbit/s Internet connection, set this value to 4Mbit (or 10% less than this value to leave some allowance for other network traffic).

Setting this value prevents the agent from attempting to transmit at a higher rate than the link capacity, which would cause excessive packet loss and a poorer user experience. This value is symmetric. It forces the client and agent to use the lower of the two values that are set on the client and agent side. For example, setting a 4Mbit/s maximum bandwidth forces the agent to transmit at a lower rate, even though the setting is configured on the client.

When this setting is disabled or not configured on an endpoint, the endpoint imposes no bandwidth constraints. When this setting is configured, the setting is used as the endpoint's maximum bandwidth constraint in kilobits per second.

The default value when this setting is not configured is 900000 kilobits per second.

This setting applies to the agent and client. If the two endpoints have different settings, the lower value is used.

PCoIP Security Certificate Settings

Directive Options Default
pcoip.ssl_cert_type 1—From certificate storage
2—Generate a unique self-signed certificate
0—From certificate storage if possible, otherwise generate
pcoip.ssl_cert_min_key_length 1024—1024 bits
2048—2048 bits
3072—3072 bits
4096—4096 bits

This setting takes effect when you start the next session. A certificate is used to secure PCoIP related communications. The way PCoIP components choose a certificate is based on the certificate type and the key length. Without a certificate being generated or selected, a PCoIP Session cannot be established.

Depending on the value chosen for the option, 'How the PCoIP agent chooses the certificate...' and the availability of appropriate certificates, PCoIP components may acquire a CA signed certificate from certificate storage or generate an in-memory self-signed certificate.

In order for a CA signed certificate to be loadable by PCoIP components, it must be stored at /etc/pcoip-agent/ssl-certs in three .pem files, owned by the pcoip user, only readable by the owning user.

  • pcoip-key.pem must contain an unlocked RSA key

  • pcoip-cert.pem must contain a certificate that signs the key in pcoip.pem

  • pcoip-cacert.pem must contain a CA certificate chain that validates the certificate in pcoip-cert.pem.

Note: Self-signed certificates are 3072 bits long.

Select a minimum key length (in bits) for a CA signed certificate. Longer length certificates will require more computing resources and may reduce performance, but will increase security. Shorter length certificates will provide better performance at the cost of lower security.

Note: Please refer to Teradici documentation for instructions on creating and deploying certificates.

PCoIP Security Settings

Directive Options Default
pcoip.tls_cipher_blacklist string (up to 1023 characters)

This setting controls the cryptographic cipher suites used by PCoIP endpoints. Changes will take effect when the agent is restarted. When this setting is disabled or not configured, all supported cipher suites may be used for connections. The endpoints negotiate the actual cryptographic cipher suites based on the settings configured here. Newer versions of TLS and stronger cipher suites will be preferred during negotiation between endpoints. Supported cipher suites:

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_AES_256_GCM_SHA384

Blacklisted Cipher Suites Provides the ability to block specific cipher suites from being offered during negotiation. Must be entered as a semi-colon separated list of cipher suites.

PCoIP USB allowed and unallowed device rules

Directive Options Default
pcoip.usb_auth_table 23XXXXXX
2203XXXX
23XXXXXX
pcoip.usb_unauth_table 2203XXXX

This setting takes effect when you start the next session. This setting only applies if the related setting to Enable/disable USB in the PCoIP session is enabled, and specifies the USB devices that are authorized and not authorized for PCoIP sessions. Only devices listed in the USB authorization table are permitted in PCoIP sessions, provided they are not subsequently excluded by an entry in the USB unauthorization table.

You can define a maximum of 50 USB authorization rules and a maximum of 50 USB unauthorization rules. Separate multiple rules with the vertical bar (|) character. Please note the final number of authorization/unauthorization rules in a PCoIP session are negotiated by PCoIP client and agent. Some clients have a limit of 10 USB rules. Please refer to the PCoIP agent admin guide for details.

Each rule can be a combination of a Vendor ID (VID) and a Product ID (PID), or a rule can describe a class of USB devices. A class rule can allow or disallow an entire device class, a single subclass, or a protocol within a subclass.

The format of a combination VID/PID rule is 1xxxxyyyy, where xxxx is the VID in hexadecimal format and yyyy is the PID in hexadecimal format. For example, the rule to authorize or block a device with VID 0x1a2b and PID 0x3c4d is 11a2b3c4d.

For class rules, use one of the following formats:

Allow all USB Format: 23XXXXXX devices Example: 23XXXXXX

Allow USB Format: 22classXXXX devices with a Example: 22aaXXXX specific class ID

Allow a specific Format: 21class-subclassXX subclass Example: 21aabbXX

Allow a specific Format: 20class-subclass-protocol protocol Example: 20aabbcc

For example, the USB authorization string to allow USB HID (mouse and keyboard) devices (class ID 0x03) and mass storage devices (class ID 0x08) is 2203XXXX|2208XXXX. The USB unauthorization string to disallow USB Mass Storage devices (class ID 0x08) is 2208XXXX.

An empty USB authorization string means that no USB devices are authorized. An empty USB unauthorization string means that only USB devices in the authorization list are allowed.

If these settings are unconfigured, the default behavior is that all devices are allowed.

PCoIP Ultra

Directive Options Range Increment Default
pcoip.enable_ultra 0 (off), 1 (on) On
pcoip.ultra 0—Disabled
1—CPU Offload
2—GPU Offload
3—Automatic Offload
pcoip.ultra_offload_mpps 1 – 40 1 10

This setting takes effect when you start the next session. When this setting is disabled, PCoIP Ultra will not be used.

  • PCoIP Ultra CPU Offload - these optimizations require CPU support for the AVX2 instruction set on both the remote host and client and are not compatible with the PCoIP Zero client. CPU Offload is recommended for 4K UHD resolutions with video playback requirements of 30 fps (or more) and highest image quality / color accuracy.

  • PCoIP Ultra GPU Offload - these optimizations require an NVIDIA graphics card on the remote host capable of NVENC. GPU Offload is recommended when minimal CPU impact of pixel encoding is desired.

  • PCoIP Ultra Auto Offload - enabling this setting allows PCoIP to automatically switch between CPU and GPU Offload modes; CPU Offload is used by default to provide the best image fidelity, GPU Offload is used during periods of high display activity to provide improved frame rates and bandwidth optimization. This setting is only effective if the remote host and client endpoints are capable of both CPU and GPU Offload.

The PCoIP Ultra Offload MPPS sets the Megapixels Per Second (MPPS) transition rate between PCoIP Ultra CPU Offload and PCoIP Ultra GPU Offload. Under Auto-Offload, PCoIP Ultra uses CPU Offload at lower pixel rates and switches to GPU Offload at the Offload MPPS. Increasing this value results in PCoIP Ultra transitioning to GPU Offload at a higher pixel rate and decreasing this value results in the transition at a lower pixel rate. The default PCoIP Ultra Offload MPPS is set to 10.

PCoIP event log verbosity

Directive Range Increment Default
pcoip.event_filter_mode 0 – 3 1 2

This setting takes effect immediately. Configures the PCoIP event log verbosity ranging from 0 (least verbose) to 3 (most verbose).

PCoIP image quality levels

Directive Options Range Increment Default
pcoip.minimum_image_quality 30 – 100 10 40
pcoip.maximum_initial_image_quality 30 – 100 10 80
pcoip.frame_rate_vs_quality_factor 0 – 100 10 50
pcoip.maximum_frame_rate 0 – 60 1
pcoip.yuv_chroma_subsampling 0—4:4:4
1—4:2:0
pcoip.use_client_img_settings 0 (off), 1 (on) Off

This setting takes effect immediately. Controls how PCoIP renders images during periods of network congestion. The Minimum Image Quality, Maximum Initial Image Quality, and Maximum Frame Rate values interoperate to provide fine control in network-bandwidth constrained environments.

Use the Minimum Image Quality value to balance image quality and frame rate for limited-bandwidth scenarios. You can specify a value between 30 and 100. The default value is 40. A lower value allows higher frame-rates, but with a potentially lower quality display. A higher value provides higher image quality, but with potentially lower frame rates when network bandwidth is constrained. When network bandwidth is not constrained, PCoIP maintains maximum quality regardless of this value.

Use the Maximum Initial Image Quality value to reduce the network bandwidth peaks required by PCoIP by limiting the initial quality of the changed regions of the display image. You can specify a value between 30 and 100. The default value is 80. A lower value reduces the image quality of content changes and decreases peak bandwidth requirements. A higher value increases the image quality of content changes and increases peak bandwidth requirements. Unchanged regions of the image progressively build to a lossless (perfect) quality regardless of this value. A value of 80 or lower best utilizes the available bandwidth.

The Minimum Image Quality value cannot exceed the Maximum Initial Image Quality value.

Use the Frame Rate vs Image Quality value to favor image sharpness over smooth motion during a PCoIP session when network bandwidth is limited. Lower values favor smoothness, higher values favor sharpness of image.

Use the Maximum Frame Rate value to manage the average bandwidth consumed per user by limiting the number of screen updates per second. You can specify a value between 1 and 60 frames per second. A higher value can use more bandwidth but provides less jitter, which allows smoother transitions in changing images such as video. A lower value uses less bandwidth but results in more jitter.

YUV chroma subsampling is set to 4:2:0 by default. It enables chroma subsampling to further compress the imaging to reduce bandwidth usage at the cost of reduced color accuracy. 4:2:0 subsampling is only supported in combination with PCoIP Ultra GPU optimization. Please note: 4:4:4 subsampling with PCoIP Ultra GPU optimization is GPU dependent and is not supported by all GPUs, in this case, PCoIP will fall back to 4:2:0 subsampling. Please see our support site for further details.

Set the 'Use image settings from zero client' when you want to use the 'Minimum Image Quality', 'Maximum Initial Image Quality', 'Maximum Frame Rate', 'Disable Build to Lossless' values from the client instead of the host. Currently, only Zero Client Firmware 3.5 and above support these settings on the client side.

These image quality values apply to the soft host only and have no effect on a soft client.

When this setting is disabled or not configured, the default values are used.

PCoIP session MTU

Directive Range Increment Default
pcoip.mtu_size 500 – 1500 1 1200

This setting takes effect when you start the next session. Specifies the Maximum Transmission Unit (MTU) size for UDP packets for a PCoIP session.

The MTU size includes IP and UDP packet headers. TCP uses the standard MTU discovery mechanism to set MTU and is not affected by this setting. The maximum MTU size is 1500 bytes. The minimum MTU size is 500 bytes. The default value is 1200 bytes.

Typically, you do not have to change the MTU size. Change this value if you have an unusual network setup that causes PCoIP packet fragmentation.

This setting applies to the agent and client. If the two endpoints have different MTU size settings, the lowest size is used.

If this setting is disabled or not configured, the client uses the default value in the negotiation with the agent.

PCoIP session audio bandwidth limit

Directive Range Increment Default
pcoip.audio_bandwidth_limit 0 – 100000 1 512

This setting takes effect immediately. Specifies the maximum audio bandwidth that can be used for audio output (sound playback) from the virtual desktop to the client in a PCoIP session. Note that the network transport overhead can add an additional 20-40% bandwidth to this number.

Audio processing monitors the bandwidth needed for audio and selects the audio compression algorithm that provides the best quality possible, without exceeding the bandwidth limit:

  • 512 kbit/s or higher - 7.1 surround, high-quality, compressed audio

  • 384 kbit/s or higher - 5.1 surround, high-quality, compressed audio

  • 256 kbit/s or higher - stereo, high-quality, compressed audio

  • 48 kbit/s to 255 kbit/s - stereo audio ranging between FM radio quality down to AM radio quality

  • 32 kbit/s to 47 kbit/s - monaural AM radio or phone call quality

  • Below 32 kbit/s - results in no audio playback

If this setting is not configured, a default audio bandwidth limit of 512 kbit/s is configured to constrain the audio compression algorithm selected.

Note that zero clients on older firmware have less efficient audio compression algorithms that may require setting this limit higher to achieve the same audio quality or upgrading the firmware.

PCoIP session bandwidth floor

Directive Range Increment Default
pcoip.device_bandwidth_floor 0 – 100000 1

This setting takes effect immediately. Specifies a lower limit, in kilobits per second, for the bandwidth that is reserved by the PCoIP session.

This setting configures the minimum expected bandwidth transmission rate for the endpoint. When you use this setting to reserve bandwidth for an endpoint, the session does not have to wait for bandwidth to become available, which improves session responsiveness.

Make sure that you do not over-subscribe the total reserved bandwidth for all endpoints. Make sure that the sum of bandwidth floors for all connections in your configuration does not exceed the network capability.

The default value is 0, which means that no minimum bandwidth is reserved. When this setting is disabled or not configured, no minimum bandwidth is reserved.

This setting applies to the agent and client, but the setting only affects the endpoint on which it is configured.

PCoIP statistics interval

Directive Range Increment Default
pcoip.server_statistics_interval_seconds 0 – 65535 1

This setting takes effect immediately. Configuring this allows you to set an interval in seconds for logging performance statistics to the PCoIP server log. When not configured, logging is disabled by default.

PCoIP transport header

Directive Options Default
pcoip.transport_session_priority 1—High Priority
2—Medium Priority (default)
3—Low Priority
4—Undefined Priority

This setting takes effect when you start the next session. Configures the PCoIP transport header.

PCoIP transport header is a 32-bit long header which is added to all PCoIP UDP packets (only if the transport header is enabled/supported by both sides). PCoIP transport header allows network devices to make better prioritization/Qos decisions when dealing with network congestions. The transport header is enabled by default.

The transport session priority determines the PCoIP session priority reported in the PCoIP Transport Header. Network devices make better prioritization/Qos decisions based on the specified transport session priority. The transport session priority value is negotiated by the PCoIP agent and client. If agent has specified a transport session priority value (high, medium, or low), then the session uses the agent specified session priority. If only the client has specified a transport session priority (high, medium, or low), then the session uses the client specified session priority. If neither agent nor client has specified a transport session priority (or specified 'undefined priority'), then the session uses/defaults to the medium session priority.

PCoIP virtual channels

Directive Options Default
pcoip.enable_vchan 1—Enable all virtual channels other than those in the list
2—Disable all virtual channels other than those in the list
pcoip.vchan_list string (up to 255 characters)

This setting takes effect when you start the next session. Specifies the virtual channels that can or cannot operate over a PCoIP session.

There are two modes of operation:

  • Enable all virtual channels except for <list> (default setting)
  • Disable all virtual channels except for <list>

When specifying which virtual channels to include or not include in the list, the following rules apply:

  • An empty list is allowed
  • Multiple virtual channel names in the list must be separated by the vertical bar (|) character. For example: channelA|channelB
  • Vertical bar or backslash () characters in virtual channel names must be preceded by a backslash. For example: the channel name "awk|ward\channel" must be specified as "awk|ward\channel" (without the double quotes)
  • A maximum of 15 virtual channels are allowed in a single PCoIP session

The virtual channel must be enabled on both agent and client for it to be used.

Proxy Access to a remote License Server

Directive Options Range Increment Default
pcoip.license_proxy_server string (up to 511 characters)
pcoip.license_proxy_port 0 – 65535 1

This setting takes effect when you start the next session. If a proxy is required to access a local License Server or the Cloud License Server, enter those parameters here. These parameters are loaded only during agent startup.

Timezone redirection

Directive Options Default
pcoip.enable_timezone_redirect 0 (off), 1 (on) On

This setting takes effect when you start the next session. Configuring this allows you to enable or disable timezone redirection. When not configured, timezone redirection is enabled by default.

Username comparison skipping

Directive Options Default
pcoip.skip_username_comparison 0 (off), 1 (on) Off

This setting takes effect when the agent is restarted. It allows username comparison to be skipped when launching the user's desktop environment. It should only be enabled when using a PAM stack where the desktop user may differ from the username used during login.

X server remote access

Directive Options Default
pcoip.allow_x_remoting 0 (off), 1 (on) Off

This setting takes effect when you restart the agent. Configuring this allows you to enable or disable remote access to the X server run by the PCoIP Agent. When not configured, remote access is disabled by default.