High Security Settings Checklist

The following table provides a list of PCoIP Remote Workstation Card security settings that are frequently used in high security deployments. Your network administrator or your security advisor must determine whether these settings are appropriate for your own network environment. The most secure options are shown and are presented in the order seen in the AWI.

PCoIP Remote Workstation Card Security Settings

Configuration Category Setting Name                                       Setting
Initial Setup Accept Any Client False
Network Enable 802.1x Security True
Network Enable 802.1x Authentication Identity Enter the username configured for the 802.1x authentication
Management Security Level High Security Environment - Bootstrap phase disabled
Access Disable Management Console Interface False

Warning: Disabling both the Management Console and AWI interfaces will make your hostcard unmanageable unless a factory reset is performed on the card

Access Disable Administrative Web Interface True
Access Force password change on next login True
Discovery Enable SLP Discovery False
SNMP Enable SNMP False
Session Accept Any Peer False
Session TLS Security Mode Suite B: TLS 1.2 with Suite B-compliant 192-bit elliptic curve encryption
Session Peer-to-Peer Certificate If a custom certificate is uploaded then it will appear in the Peer-to-Peer Certificate field and you will be able to select it to be used for PCoIP Zero Client to Remote Workstation Card peer-to-peer connections
Session PCoIP Data Encryption Ciphers AES-256-GCM
Session Enable DSCP False
USB Authorized Devices Enter the USB rule, class, sub class and protocol of authorized USB devices bridged to the host PC to gain access to the USB device.

Example: To allow USB access to HID devices only, click Add New and configure these settings:

  • Authorized:
    Rule Type: Class
    Device Class: Human Interface Device
    Sub Class: Any
    Protocol: Any