Skip to content

Configuring the PCoIP Agent

You can configure the PCoIP agent, and optimize PCoIP protocol behavior for local network conditions, by adjusting configuration directives found in /etc/pcoip-agent/pcoip-agent.conf.

You can find detailed information and descriptions about each setting in the next section. You can also consult the man pages for pcoip-agent.conf:

man pcoip-agent.conf

Only the settings documented here apply to the Remote Workstation Card Agent for Linux

The Remote Workstation Card Agent for Linux man pages document additional configuration settings, beyond those described here. These additional settings apply to virtual machine instances and have no effect on Remote Workstation Card systems. Only the settings described here apply to the Remote Workstation Card.

Applying Configuration Changes

To set or change a configuration value, add or modify directives in pcoip-agent.conf. Place one directive on each line, in this format: = <value>

A complete list of configurable values is shown next in Configurable Settings.

Configurable Settings

The following settings can be configured on the Remote Workstation Card Agent for Linux. Refer to Configuring the PCoIP agent to understand how to modify these settings.

License server URL

Directive Options Default
pcoip.license_server_path string (up to **511* characters)*

This setting takes effect when you start the next session. This policy sets the license server path. Enter the license server path in 'https://address:port/request' or 'http://address:port/request' format.

PCoIP Security Certificate Settings

Directive Options Default
pcoip.ssl_cert_type 1—From certificate storage
2—Generate a unique self-signed certificate
0—From certificate storage if possible, otherwise generate
pcoip.ssl_cert_min_key_length 1024—1024 bits
2048—2048 bits
3072—3072 bits
4096—4096 bits

This setting takes effect when you start the next session. A certificate is used to secure PCoIP related communications. The way PCoIP components choose a certificate is based on the certificate type and the key length. Without a certificate being generated or selected, a PCoIP Session cannot be established.

Depending on the value chosen for the option, 'How the PCoIP agent chooses the certificate...' and the availability of appropriate certificates, PCoIP components may acquire a CA signed certificate from certificate storage or generate an in-memory self-signed certificate.

In order for a CA signed certificate to be loadable by PCoIP components, it must be stored at /etc/pcoip-agent/ssl-certs in three .pem files, owned by the pcoip user, only readable by the owning user.

  • pcoip-key.pem must contain an unlocked RSA key

  • pcoip-cert.pem must contain a certificate that signs the key in pcoip.pem

  • pcoip-cacert.pem must contain a CA certificate chain that validates the certificate in pcoip-cert.pem.

Note: Self-signed certificates are 3072 bits long.

Select a minimum key length (in bits) for a CA signed certificate. Longer length certificates will require more computing resources and may reduce performance, but will increase security. Shorter length certificates will provide better performance at the cost of lower security.

Note: Please refer to Teradici documentation for instructions on creating and deploying certificates.

PCoIP Security Settings

Directive Options Default
pcoip.tls_security_mode 0—Maximum Compatibility
pcoip.tls_cipher_blacklist string (up to **1023* characters)*

This setting takes effect when you start the next session. Controls the cryptographic cipher suites and encryption ciphers used by PCoIP endpoints.

The endpoints negotiate the actual cryptographic cipher suites and encryption ciphers based on the settings configured here. Newer versions of TLS and stronger cipher suites will be preferred during negotiation between endpoints.

If this setting is not configured or disabled, the TLS Security Mode will be set to Maximum Compatibility.

TLS Security Mode

Maximum Compatibility offers TLS 1.1, 1.2 and a range of cipher suites including those that support Perfect Forward Security (PFS) and SHA-1. Supported cipher suites:

  • TLS_AES_256_GCM_SHA384

Blacklisted Cipher Suites

Provides the ability to block specific cipher suites from being offered during negotiation. Must be entered as a semi-colon separated list of cipher suites.

PCoIP event log verbosity

Directive Range Increment Default
pcoip.event_filter_mode 0 – 3 1 2

This setting takes effect immediately. Configures the PCoIP event log verbosity ranging from 0 (least verbose) to 3 (most verbose).

Proxy Access to a remote License Server

Directive Options Range Increment Default
pcoip.license_proxy_server string (up to **511* characters)*
pcoip.license_proxy_port 0 – 65535 1

This setting takes effect when you start the next session. If a proxy is required to access a local License Server or the Cloud License Server, enter those parameters here. These parameters are loaded only during agent startup.

X server remote access

Directive Options Default
pcoip.allow_x_remoting 0 (off), 1 (on)

This setting takes effect when you restart the agent. Configuring this allows you to enable or disable remote access to the X server run by the PCoIP Agent. When not configured, remote access is disabled by default.