Skip to content

Installing for Offline Environments

If the PCoIP Connection Manager and PCoIP Security Gateway machine does not have a connection to the public internet, you must create a temporary internet-connected machine to download a pre-created offline installation bundle and then transfer the bundle to the production machine.

For information on bundle dependencies, see System Requirements.

Before You Begin

Before you proceed with installation, note the following:

  • If your connection broker is configured to identify resources by host name, then DNS must be available and configured as follows:

    • Host names must be resolvable from the PCoIP Connection Manager server.

    • Host names must be resolvable from the PCoIP broker.

Downloading Offline Installation Bundle

You'll need a temporary machine with internet access.

  1. On the temporary machine, open a browser and go to the PCoIP Connection Manager and PCoIP Security Gateway download page, and download the installation bundle.

  2. Transfer the installation bundle to the production machine using any acceptable method, such as a USB flash drive or SCP.

Note: Create Offline Bundle

If you preferred to create your own offline bundle for specific reasons, you can follow bundle creation. However, we recommend using the pre-created offline installation bundle.

Installing PCoIP Connection Manager and the PCoIP Security Gateway

To install the PCoIP Connection Manager and the PCoIP Security Gateway:

  1. SSH into the production machine.

  2. Navigate to the directory where you placed the installer bundle.

  3. Extract the bundle and move into the newly-created teradici-pcoip-cmsg-bundle directory:

    tar xzvf pcoip-cmsg-setup_darksite-<version>.el8.tar.gz
    
    cd teradici-pcoip-cmsg-bundle
    
  4. Run the pcoip-cmsg-setup-offline.sh script to complete the installation

    • To install dependencies and follow the setup prompts to setup PCoIP Connection Manager and the PCoIP Security Gateway:

      sudo ./pcoip-cmsg-setup-offline.sh
      
      and skip the next step.

    • To install dependencies and run pcoip-cmsg-setup later to setup PCoIP Connection Manager and the PCoIP Security Gateway:

      sudo ./pcoip-cmsg-setup-offline.sh -d
      

  5. Move back up one directory level and then install the PCoIP Connection Manager and PCoIP Security Gateway:

    cd ..
    sudo pcoip-cmsg-setup install --darksite-bundle-path teradici-pcoip-cmsg-bundle <installation_flags>
    

    Important: Required installation flags

    There are a number of options and settings available. You can invoke the install command with the --help flag to list them:

    pcoip-cmsg-setup install --help
    

    They are also listed in the next section.

    The install command will prompt you for required parameters that have not been supplied via flags.

Installation Flags and Options

The following flags can be used to provide values at the command line. Flags that are required are identified in the description.

Boolean values should be provided as either true or false, lowercased, as in this example:

--example-flag=true
Flag                                                        Type Description
--accept-policies Boolean Automatically accepts the EULA and Privacy Policy.
Required.
--broker-url String The URL of the PCoIP Broker, specified either as a https://: or https://: or https://[]:.
Required.
--ca-cert String The full path and filename of the custom Certificate Authority's public certificate to be used in the PCoIP Connection Manager and PCoIP Security Gateway.
Required if --self-signed is not used.
--compose-file String Specify the full path to a local docker-compose file.
--darksite-bundle-path string The path of darksite install bundle to be used for darksite installation
--docker-password String Password to login to private registry.
--docker-registry String Specifies the HP source for Anyware Connector images to be install from.
Debugging only: This is intended to be used for debugging purposes and should not be used without guidance from HP support. Using this flag incorrectly can result in failed installations.
--docker-username String Username to login to private registry.
--enable-collaboration Boolean Allow multiple PCoIP clients to collaborate on a PCoIP agent. (Default=true)
--enable-ipv6 Boolean Enables IPv6 connections (Default=false).
To enable IPv6 use --enable-ipv6=true.
To disable IPv6 use --enable-ipv6=false, or omit this flag.
--external-pcoip-ip StringArray Sets the public IP address of Security Gateway.
If --enable-ipv6 is true, this option may be used twice (once for IPv4 and once for IPv6).
Required if PCoIP Security Gateway is enabled
--enable-security-gateway Boolean Enable and use the PCoIP Security Gateway (Default=true).
--help Lists all available flags.
--host-address stringArray Sets the host FQDN/IP address. The option may be used twice (once for the IP address and once for the FQDN)
--ignore-disk-req Boolean Ignore the check for the minimum disk space requirement.
--license-server-url String The address of the locally installed PCoIP License Server.
Example: https://<license-server-address>:<port>
--self-signed Boolean Automatically generate self-signed SSL cert and key for testing purposes. If specified, --ssl-key and --ssl-cert options are ignored.
--ssl-cert String The full path and filename of the SSL certificate to be used in the PCoIP Connection Manager and PCoIP Security Gateway.
Required if --self-signed is not used.
--ssl-key String The full path and filename of the SSL key to be used in the PCoIP Connection Manager and PCoIP Security Gateway.
Required if --self-signed is not used.
--docker-network-cidr Sets CIDR for Connection Manager's docker network for services. If default docker network IP range is conflict with intranet, this option should be used to solve the confliction

| --debug | String | Sets the log verbosity higher to help with debugging installation issues. | | --enable-connection-manager | Boolean | Enable and use the PCoIP Connection Manager (Default=true). | | --external-sg-ip | StringArray | Sets public IP addresses of external Security Gateways to enable gateway failover if a Security Gateway becomes unavailable. IP address should be provided in the format --external-sg-ip=ipAddr1 --external-sg-ip=ipAddr2... | | --jwt-verifying-cert | String | The full path and filename of the certificate to be used by an external PCoIP Security Gateway. | | --jwt-signing-key | String | The full path and filename of the key to be used when external PCoIP Security Gateway(s) are enabled. This flag is required if --external-sg-ip is used. |

Federated Authentication Flags

Flag                                                        Type Description
--enable-oauth Boolean Enables Oauth authentication. (Default=false)
--id-provider-url String Sets the identity provider URL. Example: --id-provider-url https://provider-1234567890.id.provider.com.
This flag is required if --enable-oauth is true.
--oauth-client-id String Gets the Client ID from the Identity Provider.
This flag is also required if --enable-oauth is "true".

Federated Authentication Single Sign-On Flags

Flag                                                        Type Description
--fa-url String Override the fhe Federated Auth Broker URL provided to the PCoIP Agent. This flag can be used if auto-detection is not correcting determining the connector address. for example https://cac-vm-fqdn:port
--enable-sso Boolean Enables SSO. (Default=False)
--sso-signing-csr-ca String Path to copy intermediate CA Certificate.
--sso-signing-csr-key String Path to the intermediate key.
--sso-signing-crl String Path to a certificate revocation list.
--sso-enrollment-url String Gets the URL to the Active Directory Certification Authority Web Enrollment Service.
--sso-enrollment-domain String Domain of the user to access Active Directory Certification Authority Web Enrollment Service.
--sso-enrollment-username String Username for accessing Active Directory Certification Authority Web Enrollment Service.
--sso-enrollment-password String Password for the username to access Active Directory Certification Authority Web Enrollment Service.
--sso-enrollment-certificate-template-name String Name of the certificate template that Active Directory Certification Authority Web Enrollment Service uses to sign CSR.

Enabling or Disabling the PCoIP Security Gateway

By default, the PCoIP Security Gateway is enabled when the bundle is installed. This configuration is highly recommended for deployments where users will connect over the WAN. If your users are behind a firewall and do not access their desktops from the WAN, you may not need the PCoIP Security Gateway.

If you are sure that you do not need the PCoIP Security Gateway, reinstall the bundle using the --enable-security-gateway=false flag.

To reenable the PCoIP Security Gateway, reinstall the bundle using the default options.

Creating the Installation Bundle

First, you'll download the package and dependencies to a temporary internet-connected machine, create an installation bundle.

To create the offline installation bundle:

  1. Install Docker onto the temporary machine.

  2. On the temporary, open a browser and go to the PCoIP Connection Manager and PCoIP Security Gateway download page.

  3. Click Downloads and scripts:

    Downloads and scripts

    If you see a login button instead, click it to log into the site and then proceed.

  4. Accept the End User License Agreement, then click Set Up Repository:

    Set up repository.

    The window will expand and show the setup scripts for each supported operating system. Copy the command for your system to the clipboard.

  5. Open a console window and paste in the command you copied in the previous step. You may need to press Enter to execute it.

    The command fetches a configuration script from our servers and runs it locally, setting up and configuring the repository on the local machine.

  6. Install pcoip-cmsg-setup

    sudo dnf install pcoip-cmsg-setup
    
  7. Find and note the rpm name for the setup package. We will use this name when creating the offline bundle next.

    sudo dnf info pcoip-cmsg-setup
    

    The rpm name will similar to this: pcoip-cmsg-setup-<version>-<release>.

  8. Create the offline install bundle:

    sudo pcoip-cmsg-setup create-darksite-bundle --pcoip-cmsg-rpm-path <rpm name>
    

    ...where <rpm name> is the name you noted in the previous step.

    The process will create a tarball called teradici-pcoip-cmsg-bundle.tar.gz.

Once this process has completed successfully, you can dispose of the temporary machine.